xmrig | 66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa

Analysis

max time kernel
99s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
Size

2.7MB
MD5

07496120aa9d37ae9df216cee9483c27
SHA1

38f6abab53e6f7416d3d5c0d7a249ad64f190f16
SHA256

66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa
SHA512

a34511acf26690e3542a0a818b4d764e9f2e883d2e3f30f0ec21bdf1644a796fe02a8ecd0a92102bc0505bd5cb4df1796fed4fdef042bb71589a3bdbf8d297f5
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIV56uL3pgrCEdMKPFoo5EcDa:BemTLkNdfE0pZrV56utgpPFoN

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF79AAD0000-0x00007FF79AE24000-memory.dmp	UPX
behavioral2/files/0x000a000000021677-4.dat	UPX
behavioral2/memory/740-6-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp	UPX
behavioral2/files/0x00080000000233fc-10.dat	UPX
behavioral2/memory/2480-26-0x00007FF7B5B10000-0x00007FF7B5E64000-memory.dmp	UPX
behavioral2/memory/1424-33-0x00007FF620100000-0x00007FF620454000-memory.dmp	UPX
behavioral2/files/0x0007000000023401-45.dat	UPX
behavioral2/files/0x0007000000023405-63.dat	UPX
behavioral2/files/0x0007000000023406-74.dat	UPX
behavioral2/files/0x000700000002340a-88.dat	UPX
behavioral2/files/0x000700000002340c-101.dat	UPX
behavioral2/files/0x000700000002340e-114.dat	UPX
behavioral2/files/0x0007000000023412-130.dat	UPX
behavioral2/memory/2112-783-0x00007FF7CAE50000-0x00007FF7CB1A4000-memory.dmp	UPX
behavioral2/memory/2992-784-0x00007FF785530000-0x00007FF785884000-memory.dmp	UPX
behavioral2/files/0x0007000000023419-168.dat	UPX
behavioral2/files/0x0007000000023418-164.dat	UPX
behavioral2/files/0x0007000000023417-158.dat	UPX
behavioral2/files/0x0007000000023416-154.dat	UPX
behavioral2/files/0x0007000000023415-148.dat	UPX
behavioral2/files/0x0007000000023414-144.dat	UPX
behavioral2/files/0x0007000000023413-138.dat	UPX
behavioral2/files/0x0007000000023411-128.dat	UPX
behavioral2/files/0x0007000000023410-124.dat	UPX
behavioral2/files/0x000700000002340f-118.dat	UPX
behavioral2/files/0x000700000002340d-108.dat	UPX
behavioral2/files/0x000700000002340b-96.dat	UPX
behavioral2/files/0x0007000000023409-89.dat	UPX
behavioral2/files/0x0007000000023408-83.dat	UPX
behavioral2/files/0x0007000000023407-79.dat	UPX
behavioral2/files/0x0007000000023404-64.dat	UPX
behavioral2/files/0x0007000000023403-58.dat	UPX
behavioral2/files/0x0007000000023402-54.dat	UPX
behavioral2/files/0x0007000000023400-41.dat	UPX
behavioral2/files/0x00070000000233ff-37.dat	UPX
behavioral2/files/0x00070000000233fe-34.dat	UPX
behavioral2/files/0x00070000000233fd-30.dat	UPX
behavioral2/memory/4552-27-0x00007FF644E50000-0x00007FF6451A4000-memory.dmp	UPX
behavioral2/files/0x00080000000233f9-18.dat	UPX
behavioral2/memory/4780-15-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp	UPX
behavioral2/memory/3548-785-0x00007FF75DC60000-0x00007FF75DFB4000-memory.dmp	UPX
behavioral2/memory/4800-786-0x00007FF64CCD0000-0x00007FF64D024000-memory.dmp	UPX
behavioral2/memory/1592-787-0x00007FF69E770000-0x00007FF69EAC4000-memory.dmp	UPX
behavioral2/memory/1452-789-0x00007FF77CC70000-0x00007FF77CFC4000-memory.dmp	UPX
behavioral2/memory/4624-788-0x00007FF626540000-0x00007FF626894000-memory.dmp	UPX
behavioral2/memory/2352-790-0x00007FF73EB80000-0x00007FF73EED4000-memory.dmp	UPX
behavioral2/memory/3104-798-0x00007FF6AF6F0000-0x00007FF6AFA44000-memory.dmp	UPX
behavioral2/memory/2592-920-0x00007FF651E80000-0x00007FF6521D4000-memory.dmp	UPX
behavioral2/memory/3836-911-0x00007FF610F40000-0x00007FF611294000-memory.dmp	UPX
behavioral2/memory/1540-903-0x00007FF7E3CA0000-0x00007FF7E3FF4000-memory.dmp	UPX
behavioral2/memory/3620-886-0x00007FF735D40000-0x00007FF736094000-memory.dmp	UPX
behavioral2/memory/1640-883-0x00007FF7209B0000-0x00007FF720D04000-memory.dmp	UPX
behavioral2/memory/452-869-0x00007FF69D8F0000-0x00007FF69DC44000-memory.dmp	UPX
behavioral2/memory/4024-863-0x00007FF61FEE0000-0x00007FF620234000-memory.dmp	UPX
behavioral2/memory/4400-849-0x00007FF661C00000-0x00007FF661F54000-memory.dmp	UPX
behavioral2/memory/4820-841-0x00007FF643920000-0x00007FF643C74000-memory.dmp	UPX
behavioral2/memory/5008-832-0x00007FF648940000-0x00007FF648C94000-memory.dmp	UPX
behavioral2/memory/412-828-0x00007FF64B3E0000-0x00007FF64B734000-memory.dmp	UPX
behavioral2/memory/736-820-0x00007FF714700000-0x00007FF714A54000-memory.dmp	UPX
behavioral2/memory/1900-813-0x00007FF6F26B0000-0x00007FF6F2A04000-memory.dmp	UPX
behavioral2/memory/4100-807-0x00007FF6FC8D0000-0x00007FF6FCC24000-memory.dmp	UPX
behavioral2/memory/2952-803-0x00007FF6ED610000-0x00007FF6ED964000-memory.dmp	UPX
behavioral2/memory/740-2138-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp	UPX
behavioral2/memory/4780-2139-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF79AAD0000-0x00007FF79AE24000-memory.dmp	xmrig
behavioral2/files/0x000a000000021677-4.dat	xmrig
behavioral2/memory/740-6-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp	xmrig
behavioral2/files/0x00080000000233fc-10.dat	xmrig
behavioral2/memory/2480-26-0x00007FF7B5B10000-0x00007FF7B5E64000-memory.dmp	xmrig
behavioral2/memory/1424-33-0x00007FF620100000-0x00007FF620454000-memory.dmp	xmrig
behavioral2/files/0x0007000000023401-45.dat	xmrig
behavioral2/files/0x0007000000023405-63.dat	xmrig
behavioral2/files/0x0007000000023406-74.dat	xmrig
behavioral2/files/0x000700000002340a-88.dat	xmrig
behavioral2/files/0x000700000002340c-101.dat	xmrig
behavioral2/files/0x000700000002340e-114.dat	xmrig
behavioral2/files/0x0007000000023412-130.dat	xmrig
behavioral2/memory/2112-783-0x00007FF7CAE50000-0x00007FF7CB1A4000-memory.dmp	xmrig
behavioral2/memory/2992-784-0x00007FF785530000-0x00007FF785884000-memory.dmp	xmrig
behavioral2/files/0x0007000000023419-168.dat	xmrig
behavioral2/files/0x0007000000023418-164.dat	xmrig
behavioral2/files/0x0007000000023417-158.dat	xmrig
behavioral2/files/0x0007000000023416-154.dat	xmrig
behavioral2/files/0x0007000000023415-148.dat	xmrig
behavioral2/files/0x0007000000023414-144.dat	xmrig
behavioral2/files/0x0007000000023413-138.dat	xmrig
behavioral2/files/0x0007000000023411-128.dat	xmrig
behavioral2/files/0x0007000000023410-124.dat	xmrig
behavioral2/files/0x000700000002340f-118.dat	xmrig
behavioral2/files/0x000700000002340d-108.dat	xmrig
behavioral2/files/0x000700000002340b-96.dat	xmrig
behavioral2/files/0x0007000000023409-89.dat	xmrig
behavioral2/files/0x0007000000023408-83.dat	xmrig
behavioral2/files/0x0007000000023407-79.dat	xmrig
behavioral2/files/0x0007000000023404-64.dat	xmrig
behavioral2/files/0x0007000000023403-58.dat	xmrig
behavioral2/files/0x0007000000023402-54.dat	xmrig
behavioral2/files/0x0007000000023400-41.dat	xmrig
behavioral2/files/0x00070000000233ff-37.dat	xmrig
behavioral2/files/0x00070000000233fe-34.dat	xmrig
behavioral2/files/0x00070000000233fd-30.dat	xmrig
behavioral2/memory/4552-27-0x00007FF644E50000-0x00007FF6451A4000-memory.dmp	xmrig
behavioral2/files/0x00080000000233f9-18.dat	xmrig
behavioral2/memory/4780-15-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp	xmrig
behavioral2/memory/3548-785-0x00007FF75DC60000-0x00007FF75DFB4000-memory.dmp	xmrig
behavioral2/memory/4800-786-0x00007FF64CCD0000-0x00007FF64D024000-memory.dmp	xmrig
behavioral2/memory/1592-787-0x00007FF69E770000-0x00007FF69EAC4000-memory.dmp	xmrig
behavioral2/memory/1452-789-0x00007FF77CC70000-0x00007FF77CFC4000-memory.dmp	xmrig
behavioral2/memory/4624-788-0x00007FF626540000-0x00007FF626894000-memory.dmp	xmrig
behavioral2/memory/2352-790-0x00007FF73EB80000-0x00007FF73EED4000-memory.dmp	xmrig
behavioral2/memory/3104-798-0x00007FF6AF6F0000-0x00007FF6AFA44000-memory.dmp	xmrig
behavioral2/memory/2592-920-0x00007FF651E80000-0x00007FF6521D4000-memory.dmp	xmrig
behavioral2/memory/3836-911-0x00007FF610F40000-0x00007FF611294000-memory.dmp	xmrig
behavioral2/memory/1540-903-0x00007FF7E3CA0000-0x00007FF7E3FF4000-memory.dmp	xmrig
behavioral2/memory/3620-886-0x00007FF735D40000-0x00007FF736094000-memory.dmp	xmrig
behavioral2/memory/1640-883-0x00007FF7209B0000-0x00007FF720D04000-memory.dmp	xmrig
behavioral2/memory/452-869-0x00007FF69D8F0000-0x00007FF69DC44000-memory.dmp	xmrig
behavioral2/memory/4024-863-0x00007FF61FEE0000-0x00007FF620234000-memory.dmp	xmrig
behavioral2/memory/4400-849-0x00007FF661C00000-0x00007FF661F54000-memory.dmp	xmrig
behavioral2/memory/4820-841-0x00007FF643920000-0x00007FF643C74000-memory.dmp	xmrig
behavioral2/memory/5008-832-0x00007FF648940000-0x00007FF648C94000-memory.dmp	xmrig
behavioral2/memory/412-828-0x00007FF64B3E0000-0x00007FF64B734000-memory.dmp	xmrig
behavioral2/memory/736-820-0x00007FF714700000-0x00007FF714A54000-memory.dmp	xmrig
behavioral2/memory/1900-813-0x00007FF6F26B0000-0x00007FF6F2A04000-memory.dmp	xmrig
behavioral2/memory/4100-807-0x00007FF6FC8D0000-0x00007FF6FCC24000-memory.dmp	xmrig
behavioral2/memory/2952-803-0x00007FF6ED610000-0x00007FF6ED964000-memory.dmp	xmrig
behavioral2/memory/740-2138-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp	xmrig
behavioral2/memory/4780-2139-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
740	DqHVQhO.exe
4780	mhGODMp.exe
2480	MbtunpG.exe
1424	VQQXNxy.exe
4552	SvDnQnu.exe
2112	xTKHWWu.exe
2592	lpcWnXy.exe
2992	tAMOOwp.exe
3548	eTSpBjG.exe
4800	wjznQiB.exe
1592	jCtxOHc.exe
4624	drcRZZL.exe
1452	ZYpiwYO.exe
2352	vWUpZDb.exe
3104	abjsSEW.exe
2952	fTGRpUd.exe
4100	EVulITD.exe
1900	wgJqJuk.exe
736	JpDSlhl.exe
412	avMrZDu.exe
5008	wUSnJwf.exe
4820	ybjGakL.exe
4400	NqneWmt.exe
4024	xZydOWE.exe
452	SHxrLyX.exe
1640	cuxcqwF.exe
3620	CjgdOSw.exe
1540	koOFuWs.exe
3836	KdGEXQo.exe
4828	BYfknWk.exe
1512	KvkaPlI.exe
1816	xjiNItY.exe
5064	BnCvOps.exe
624	AKPJEhO.exe
1276	AAQPLnT.exe
3816	ipygtPN.exe
4656	xFrIzzi.exe
3952	uODGmsH.exe
816	lgEMWES.exe
2340	YpyKdHd.exe
2568	uVGISyM.exe
4664	wXQgwsd.exe
1772	FovhZVT.exe
3608	tHJHrcs.exe
1692	FrXmZUa.exe
756	CQJiqNZ.exe
4912	KxeAByc.exe
4168	tKcBxzj.exe
2988	uMsVTcw.exe
3384	GpIYJau.exe
1820	abzblXb.exe
3480	sIwgBzZ.exe
4376	foFMSvi.exe
1668	oEKceKY.exe
3736	OBOVZeV.exe
2644	rzYMxsM.exe
4332	SkJtWei.exe
2484	mXsqMNI.exe
1504	vBlIDTF.exe
2664	gXDOvtP.exe
1888	aAzTQqA.exe
2900	RzzHFXV.exe
2804	vjMpJrt.exe
3740	OzLdnhz.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF79AAD0000-0x00007FF79AE24000-memory.dmp	upx
behavioral2/files/0x000a000000021677-4.dat	upx
behavioral2/memory/740-6-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp	upx
behavioral2/files/0x00080000000233fc-10.dat	upx
behavioral2/memory/2480-26-0x00007FF7B5B10000-0x00007FF7B5E64000-memory.dmp	upx
behavioral2/memory/1424-33-0x00007FF620100000-0x00007FF620454000-memory.dmp	upx
behavioral2/files/0x0007000000023401-45.dat	upx
behavioral2/files/0x0007000000023405-63.dat	upx
behavioral2/files/0x0007000000023406-74.dat	upx
behavioral2/files/0x000700000002340a-88.dat	upx
behavioral2/files/0x000700000002340c-101.dat	upx
behavioral2/files/0x000700000002340e-114.dat	upx
behavioral2/files/0x0007000000023412-130.dat	upx
behavioral2/memory/2112-783-0x00007FF7CAE50000-0x00007FF7CB1A4000-memory.dmp	upx
behavioral2/memory/2992-784-0x00007FF785530000-0x00007FF785884000-memory.dmp	upx
behavioral2/files/0x0007000000023419-168.dat	upx
behavioral2/files/0x0007000000023418-164.dat	upx
behavioral2/files/0x0007000000023417-158.dat	upx
behavioral2/files/0x0007000000023416-154.dat	upx
behavioral2/files/0x0007000000023415-148.dat	upx
behavioral2/files/0x0007000000023414-144.dat	upx
behavioral2/files/0x0007000000023413-138.dat	upx
behavioral2/files/0x0007000000023411-128.dat	upx
behavioral2/files/0x0007000000023410-124.dat	upx
behavioral2/files/0x000700000002340f-118.dat	upx
behavioral2/files/0x000700000002340d-108.dat	upx
behavioral2/files/0x000700000002340b-96.dat	upx
behavioral2/files/0x0007000000023409-89.dat	upx
behavioral2/files/0x0007000000023408-83.dat	upx
behavioral2/files/0x0007000000023407-79.dat	upx
behavioral2/files/0x0007000000023404-64.dat	upx
behavioral2/files/0x0007000000023403-58.dat	upx
behavioral2/files/0x0007000000023402-54.dat	upx
behavioral2/files/0x0007000000023400-41.dat	upx
behavioral2/files/0x00070000000233ff-37.dat	upx
behavioral2/files/0x00070000000233fe-34.dat	upx
behavioral2/files/0x00070000000233fd-30.dat	upx
behavioral2/memory/4552-27-0x00007FF644E50000-0x00007FF6451A4000-memory.dmp	upx
behavioral2/files/0x00080000000233f9-18.dat	upx
behavioral2/memory/4780-15-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp	upx
behavioral2/memory/3548-785-0x00007FF75DC60000-0x00007FF75DFB4000-memory.dmp	upx
behavioral2/memory/4800-786-0x00007FF64CCD0000-0x00007FF64D024000-memory.dmp	upx
behavioral2/memory/1592-787-0x00007FF69E770000-0x00007FF69EAC4000-memory.dmp	upx
behavioral2/memory/1452-789-0x00007FF77CC70000-0x00007FF77CFC4000-memory.dmp	upx
behavioral2/memory/4624-788-0x00007FF626540000-0x00007FF626894000-memory.dmp	upx
behavioral2/memory/2352-790-0x00007FF73EB80000-0x00007FF73EED4000-memory.dmp	upx
behavioral2/memory/3104-798-0x00007FF6AF6F0000-0x00007FF6AFA44000-memory.dmp	upx
behavioral2/memory/2592-920-0x00007FF651E80000-0x00007FF6521D4000-memory.dmp	upx
behavioral2/memory/3836-911-0x00007FF610F40000-0x00007FF611294000-memory.dmp	upx
behavioral2/memory/1540-903-0x00007FF7E3CA0000-0x00007FF7E3FF4000-memory.dmp	upx
behavioral2/memory/3620-886-0x00007FF735D40000-0x00007FF736094000-memory.dmp	upx
behavioral2/memory/1640-883-0x00007FF7209B0000-0x00007FF720D04000-memory.dmp	upx
behavioral2/memory/452-869-0x00007FF69D8F0000-0x00007FF69DC44000-memory.dmp	upx
behavioral2/memory/4024-863-0x00007FF61FEE0000-0x00007FF620234000-memory.dmp	upx
behavioral2/memory/4400-849-0x00007FF661C00000-0x00007FF661F54000-memory.dmp	upx
behavioral2/memory/4820-841-0x00007FF643920000-0x00007FF643C74000-memory.dmp	upx
behavioral2/memory/5008-832-0x00007FF648940000-0x00007FF648C94000-memory.dmp	upx
behavioral2/memory/412-828-0x00007FF64B3E0000-0x00007FF64B734000-memory.dmp	upx
behavioral2/memory/736-820-0x00007FF714700000-0x00007FF714A54000-memory.dmp	upx
behavioral2/memory/1900-813-0x00007FF6F26B0000-0x00007FF6F2A04000-memory.dmp	upx
behavioral2/memory/4100-807-0x00007FF6FC8D0000-0x00007FF6FCC24000-memory.dmp	upx
behavioral2/memory/2952-803-0x00007FF6ED610000-0x00007FF6ED964000-memory.dmp	upx
behavioral2/memory/740-2138-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp	upx
behavioral2/memory/4780-2139-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\giorZFM.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\NxOYLzt.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\UvgUnJm.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\SBEFWTz.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\wWgOHQB.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\XnvcytN.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\iHvNJMV.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\HIzFYUJ.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\SvDnQnu.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\FrXmZUa.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\GpIYJau.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\SgUOwru.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\eBcVqaW.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\XNtqbST.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\zPvyxgD.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\vSHkQHI.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\AxEzUyF.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\pBVHify.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\lTnXrbP.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\KIlvVoz.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\VqkQsCo.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\UhUTqHQ.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\jzNCNqW.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\wmNSQrU.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\CoLPGbe.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\qifAbKi.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\dsKxhUV.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\qsDvnHl.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\KljdZdP.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\JuQerYD.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\QWnaUyB.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\TvRLwDp.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\zfTjLOh.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\aExGjHV.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\bIOpvHG.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\GFwACXn.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\cFnHsRv.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\IJwRtVb.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\hRuBfji.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\wHRKtud.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\KdGEXQo.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\gXDOvtP.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\SYInXON.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\woWfuKy.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\rZdRWfg.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\UxgtpHB.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\gbAAGtS.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\EzsbrJX.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\ZjvUfxC.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\mkvVADr.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\sbSvvbS.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\mBuwWwJ.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\oBIZeLU.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\yiMKzRh.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\vjMpJrt.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\BCuYrjA.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\WdFkDpe.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\ZCfvEEd.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\IKSvBKX.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\qECVCak.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\kIVqUTa.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\vxTwpJK.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\OZMnjtP.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
File created	C:\Windows\System\QQOWyLx.exe	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	1216	dwm.exe
Token: SeChangeNotifyPrivilege	1216	dwm.exe
Token: 33	1216	dwm.exe
Token: SeIncBasePriorityPrivilege	1216	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 740	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	84
PID 4160 wrote to memory of 740	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	84
PID 4160 wrote to memory of 4780	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	85
PID 4160 wrote to memory of 4780	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	85
PID 4160 wrote to memory of 2480	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	86
PID 4160 wrote to memory of 2480	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	86
PID 4160 wrote to memory of 1424	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	87
PID 4160 wrote to memory of 1424	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	87
PID 4160 wrote to memory of 4552	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	88
PID 4160 wrote to memory of 4552	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	88
PID 4160 wrote to memory of 2112	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	89
PID 4160 wrote to memory of 2112	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	89
PID 4160 wrote to memory of 2592	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	90
PID 4160 wrote to memory of 2592	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	90
PID 4160 wrote to memory of 2992	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	92
PID 4160 wrote to memory of 2992	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	92
PID 4160 wrote to memory of 3548	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	93
PID 4160 wrote to memory of 3548	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	93
PID 4160 wrote to memory of 4800	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	94
PID 4160 wrote to memory of 4800	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	94
PID 4160 wrote to memory of 1592	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	95
PID 4160 wrote to memory of 1592	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	95
PID 4160 wrote to memory of 4624	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	96
PID 4160 wrote to memory of 4624	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	96
PID 4160 wrote to memory of 1452	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	97
PID 4160 wrote to memory of 1452	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	97
PID 4160 wrote to memory of 2352	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	98
PID 4160 wrote to memory of 2352	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	98
PID 4160 wrote to memory of 3104	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	99
PID 4160 wrote to memory of 3104	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	99
PID 4160 wrote to memory of 2952	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	100
PID 4160 wrote to memory of 2952	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	100
PID 4160 wrote to memory of 4100	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	101
PID 4160 wrote to memory of 4100	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	101
PID 4160 wrote to memory of 1900	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	102
PID 4160 wrote to memory of 1900	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	102
PID 4160 wrote to memory of 736	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	103
PID 4160 wrote to memory of 736	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	103
PID 4160 wrote to memory of 412	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	104
PID 4160 wrote to memory of 412	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	104
PID 4160 wrote to memory of 5008	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	105
PID 4160 wrote to memory of 5008	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	105
PID 4160 wrote to memory of 4820	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	106
PID 4160 wrote to memory of 4820	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	106
PID 4160 wrote to memory of 4400	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	107
PID 4160 wrote to memory of 4400	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	107
PID 4160 wrote to memory of 4024	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	108
PID 4160 wrote to memory of 4024	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	108
PID 4160 wrote to memory of 452	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	109
PID 4160 wrote to memory of 452	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	109
PID 4160 wrote to memory of 1640	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	110
PID 4160 wrote to memory of 1640	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	110
PID 4160 wrote to memory of 3620	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	111
PID 4160 wrote to memory of 3620	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	111
PID 4160 wrote to memory of 1540	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	112
PID 4160 wrote to memory of 1540	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	112
PID 4160 wrote to memory of 3836	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	113
PID 4160 wrote to memory of 3836	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	113
PID 4160 wrote to memory of 4828	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	114
PID 4160 wrote to memory of 4828	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	114
PID 4160 wrote to memory of 1512	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	115
PID 4160 wrote to memory of 1512	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	115
PID 4160 wrote to memory of 1816	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	116
PID 4160 wrote to memory of 1816	4160	66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe	116

C:\Users\Admin\AppData\Local\Temp\66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe
"C:\Users\Admin\AppData\Local\Temp\66819c78556b4ad6427ddec6de624df2a298f82f0a3d235808446c42f809f8aa.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\System\DqHVQhO.exe
  C:\Windows\System\DqHVQhO.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\mhGODMp.exe
  C:\Windows\System\mhGODMp.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\MbtunpG.exe
  C:\Windows\System\MbtunpG.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\VQQXNxy.exe
  C:\Windows\System\VQQXNxy.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\SvDnQnu.exe
  C:\Windows\System\SvDnQnu.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\xTKHWWu.exe
  C:\Windows\System\xTKHWWu.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\lpcWnXy.exe
  C:\Windows\System\lpcWnXy.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\tAMOOwp.exe
  C:\Windows\System\tAMOOwp.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\eTSpBjG.exe
  C:\Windows\System\eTSpBjG.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\wjznQiB.exe
  C:\Windows\System\wjznQiB.exe
  2⤵
  - Executes dropped EXE
  PID:4800
- C:\Windows\System\jCtxOHc.exe
  C:\Windows\System\jCtxOHc.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\drcRZZL.exe
  C:\Windows\System\drcRZZL.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\ZYpiwYO.exe
  C:\Windows\System\ZYpiwYO.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\vWUpZDb.exe
  C:\Windows\System\vWUpZDb.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\abjsSEW.exe
  C:\Windows\System\abjsSEW.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\fTGRpUd.exe
  C:\Windows\System\fTGRpUd.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\EVulITD.exe
  C:\Windows\System\EVulITD.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\wgJqJuk.exe
  C:\Windows\System\wgJqJuk.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\JpDSlhl.exe
  C:\Windows\System\JpDSlhl.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\avMrZDu.exe
  C:\Windows\System\avMrZDu.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\wUSnJwf.exe
  C:\Windows\System\wUSnJwf.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\ybjGakL.exe
  C:\Windows\System\ybjGakL.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\NqneWmt.exe
  C:\Windows\System\NqneWmt.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\xZydOWE.exe
  C:\Windows\System\xZydOWE.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\SHxrLyX.exe
  C:\Windows\System\SHxrLyX.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\cuxcqwF.exe
  C:\Windows\System\cuxcqwF.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\CjgdOSw.exe
  C:\Windows\System\CjgdOSw.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\koOFuWs.exe
  C:\Windows\System\koOFuWs.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\KdGEXQo.exe
  C:\Windows\System\KdGEXQo.exe
  2⤵
  - Executes dropped EXE
  PID:3836
- C:\Windows\System\BYfknWk.exe
  C:\Windows\System\BYfknWk.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\KvkaPlI.exe
  C:\Windows\System\KvkaPlI.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\xjiNItY.exe
  C:\Windows\System\xjiNItY.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\BnCvOps.exe
  C:\Windows\System\BnCvOps.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\AKPJEhO.exe
  C:\Windows\System\AKPJEhO.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\AAQPLnT.exe
  C:\Windows\System\AAQPLnT.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\ipygtPN.exe
  C:\Windows\System\ipygtPN.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\xFrIzzi.exe
  C:\Windows\System\xFrIzzi.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\uODGmsH.exe
  C:\Windows\System\uODGmsH.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\lgEMWES.exe
  C:\Windows\System\lgEMWES.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\YpyKdHd.exe
  C:\Windows\System\YpyKdHd.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\uVGISyM.exe
  C:\Windows\System\uVGISyM.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\wXQgwsd.exe
  C:\Windows\System\wXQgwsd.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\FovhZVT.exe
  C:\Windows\System\FovhZVT.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\tHJHrcs.exe
  C:\Windows\System\tHJHrcs.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\FrXmZUa.exe
  C:\Windows\System\FrXmZUa.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\CQJiqNZ.exe
  C:\Windows\System\CQJiqNZ.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\KxeAByc.exe
  C:\Windows\System\KxeAByc.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\tKcBxzj.exe
  C:\Windows\System\tKcBxzj.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\uMsVTcw.exe
  C:\Windows\System\uMsVTcw.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\GpIYJau.exe
  C:\Windows\System\GpIYJau.exe
  2⤵
  - Executes dropped EXE
  PID:3384
- C:\Windows\System\abzblXb.exe
  C:\Windows\System\abzblXb.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\sIwgBzZ.exe
  C:\Windows\System\sIwgBzZ.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\foFMSvi.exe
  C:\Windows\System\foFMSvi.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\oEKceKY.exe
  C:\Windows\System\oEKceKY.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\OBOVZeV.exe
  C:\Windows\System\OBOVZeV.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\rzYMxsM.exe
  C:\Windows\System\rzYMxsM.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\SkJtWei.exe
  C:\Windows\System\SkJtWei.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\mXsqMNI.exe
  C:\Windows\System\mXsqMNI.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\vBlIDTF.exe
  C:\Windows\System\vBlIDTF.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\gXDOvtP.exe
  C:\Windows\System\gXDOvtP.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\aAzTQqA.exe
  C:\Windows\System\aAzTQqA.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\RzzHFXV.exe
  C:\Windows\System\RzzHFXV.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\vjMpJrt.exe
  C:\Windows\System\vjMpJrt.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\OzLdnhz.exe
  C:\Windows\System\OzLdnhz.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\ZZXjVnQ.exe
  C:\Windows\System\ZZXjVnQ.exe
  2⤵
  PID:3720
- C:\Windows\System\WZajcwK.exe
  C:\Windows\System\WZajcwK.exe
  2⤵
  PID:1636
- C:\Windows\System\YEnbesy.exe
  C:\Windows\System\YEnbesy.exe
  2⤵
  PID:2940
- C:\Windows\System\VklchDS.exe
  C:\Windows\System\VklchDS.exe
  2⤵
  PID:716
- C:\Windows\System\kIVqUTa.exe
  C:\Windows\System\kIVqUTa.exe
  2⤵
  PID:4732
- C:\Windows\System\BCuYrjA.exe
  C:\Windows\System\BCuYrjA.exe
  2⤵
  PID:948
- C:\Windows\System\lqtCYis.exe
  C:\Windows\System\lqtCYis.exe
  2⤵
  PID:4248
- C:\Windows\System\ZCxjuPA.exe
  C:\Windows\System\ZCxjuPA.exe
  2⤵
  PID:1408
- C:\Windows\System\SmveUcS.exe
  C:\Windows\System\SmveUcS.exe
  2⤵
  PID:4048
- C:\Windows\System\mdtKZql.exe
  C:\Windows\System\mdtKZql.exe
  2⤵
  PID:4660
- C:\Windows\System\LjIOboy.exe
  C:\Windows\System\LjIOboy.exe
  2⤵
  PID:544
- C:\Windows\System\fYEbtzo.exe
  C:\Windows\System\fYEbtzo.exe
  2⤵
  PID:2632
- C:\Windows\System\SPUkKlY.exe
  C:\Windows\System\SPUkKlY.exe
  2⤵
  PID:1004
- C:\Windows\System\coQTGOS.exe
  C:\Windows\System\coQTGOS.exe
  2⤵
  PID:1116
- C:\Windows\System\GiLUuAA.exe
  C:\Windows\System\GiLUuAA.exe
  2⤵
  PID:3124
- C:\Windows\System\NLrRWmE.exe
  C:\Windows\System\NLrRWmE.exe
  2⤵
  PID:4960
- C:\Windows\System\OGAaocN.exe
  C:\Windows\System\OGAaocN.exe
  2⤵
  PID:3668
- C:\Windows\System\qKdPSJv.exe
  C:\Windows\System\qKdPSJv.exe
  2⤵
  PID:3212
- C:\Windows\System\yivViRF.exe
  C:\Windows\System\yivViRF.exe
  2⤵
  PID:1284
- C:\Windows\System\sfXeYmp.exe
  C:\Windows\System\sfXeYmp.exe
  2⤵
  PID:4808
- C:\Windows\System\DSIZLaE.exe
  C:\Windows\System\DSIZLaE.exe
  2⤵
  PID:1332
- C:\Windows\System\yJwClUS.exe
  C:\Windows\System\yJwClUS.exe
  2⤵
  PID:3164
- C:\Windows\System\aKyfqRM.exe
  C:\Windows\System\aKyfqRM.exe
  2⤵
  PID:5124
- C:\Windows\System\vWMnGou.exe
  C:\Windows\System\vWMnGou.exe
  2⤵
  PID:5152
- C:\Windows\System\eBExYCH.exe
  C:\Windows\System\eBExYCH.exe
  2⤵
  PID:5180
- C:\Windows\System\ocQhIEc.exe
  C:\Windows\System\ocQhIEc.exe
  2⤵
  PID:5208
- C:\Windows\System\eXVTpHp.exe
  C:\Windows\System\eXVTpHp.exe
  2⤵
  PID:5236
- C:\Windows\System\KIlvVoz.exe
  C:\Windows\System\KIlvVoz.exe
  2⤵
  PID:5264
- C:\Windows\System\hzRntgU.exe
  C:\Windows\System\hzRntgU.exe
  2⤵
  PID:5292
- C:\Windows\System\WyqXvIc.exe
  C:\Windows\System\WyqXvIc.exe
  2⤵
  PID:5320
- C:\Windows\System\hQtSkzZ.exe
  C:\Windows\System\hQtSkzZ.exe
  2⤵
  PID:5348
- C:\Windows\System\IASnUGi.exe
  C:\Windows\System\IASnUGi.exe
  2⤵
  PID:5376
- C:\Windows\System\MYPmBrY.exe
  C:\Windows\System\MYPmBrY.exe
  2⤵
  PID:5408
- C:\Windows\System\WdFkDpe.exe
  C:\Windows\System\WdFkDpe.exe
  2⤵
  PID:5432
- C:\Windows\System\SgUOwru.exe
  C:\Windows\System\SgUOwru.exe
  2⤵
  PID:5460
- C:\Windows\System\jYzeiVj.exe
  C:\Windows\System\jYzeiVj.exe
  2⤵
  PID:5488
- C:\Windows\System\SPKzfNz.exe
  C:\Windows\System\SPKzfNz.exe
  2⤵
  PID:5516
- C:\Windows\System\jMJoxJk.exe
  C:\Windows\System\jMJoxJk.exe
  2⤵
  PID:5544
- C:\Windows\System\wFYiWFc.exe
  C:\Windows\System\wFYiWFc.exe
  2⤵
  PID:5572
- C:\Windows\System\taFFLqr.exe
  C:\Windows\System\taFFLqr.exe
  2⤵
  PID:5600
- C:\Windows\System\EkeUTgc.exe
  C:\Windows\System\EkeUTgc.exe
  2⤵
  PID:5628
- C:\Windows\System\daOQSfO.exe
  C:\Windows\System\daOQSfO.exe
  2⤵
  PID:5656
- C:\Windows\System\VKztYUm.exe
  C:\Windows\System\VKztYUm.exe
  2⤵
  PID:5684
- C:\Windows\System\ltUviHO.exe
  C:\Windows\System\ltUviHO.exe
  2⤵
  PID:5712
- C:\Windows\System\QRAGhZr.exe
  C:\Windows\System\QRAGhZr.exe
  2⤵
  PID:5740
- C:\Windows\System\OPIvXqM.exe
  C:\Windows\System\OPIvXqM.exe
  2⤵
  PID:5768
- C:\Windows\System\OWCNWNM.exe
  C:\Windows\System\OWCNWNM.exe
  2⤵
  PID:5796
- C:\Windows\System\zjxcLYQ.exe
  C:\Windows\System\zjxcLYQ.exe
  2⤵
  PID:5824
- C:\Windows\System\djaUfcQ.exe
  C:\Windows\System\djaUfcQ.exe
  2⤵
  PID:5852
- C:\Windows\System\GHfPcNI.exe
  C:\Windows\System\GHfPcNI.exe
  2⤵
  PID:5880
- C:\Windows\System\IMZfEnC.exe
  C:\Windows\System\IMZfEnC.exe
  2⤵
  PID:5908
- C:\Windows\System\vWBQqJF.exe
  C:\Windows\System\vWBQqJF.exe
  2⤵
  PID:5936
- C:\Windows\System\BjadxkB.exe
  C:\Windows\System\BjadxkB.exe
  2⤵
  PID:5964
- C:\Windows\System\gMVRDGY.exe
  C:\Windows\System\gMVRDGY.exe
  2⤵
  PID:5992
- C:\Windows\System\VqkQsCo.exe
  C:\Windows\System\VqkQsCo.exe
  2⤵
  PID:6020
- C:\Windows\System\zfTjLOh.exe
  C:\Windows\System\zfTjLOh.exe
  2⤵
  PID:6048
- C:\Windows\System\QCjhCXn.exe
  C:\Windows\System\QCjhCXn.exe
  2⤵
  PID:6076
- C:\Windows\System\xdvuKQc.exe
  C:\Windows\System\xdvuKQc.exe
  2⤵
  PID:6104
- C:\Windows\System\WbpKrHk.exe
  C:\Windows\System\WbpKrHk.exe
  2⤵
  PID:6132
- C:\Windows\System\YHMGVwC.exe
  C:\Windows\System\YHMGVwC.exe
  2⤵
  PID:2712
- C:\Windows\System\SmMHUaf.exe
  C:\Windows\System\SmMHUaf.exe
  2⤵
  PID:1776
- C:\Windows\System\FlgkkKV.exe
  C:\Windows\System\FlgkkKV.exe
  2⤵
  PID:4504
- C:\Windows\System\GXCesxh.exe
  C:\Windows\System\GXCesxh.exe
  2⤵
  PID:5044
- C:\Windows\System\ZCfvEEd.exe
  C:\Windows\System\ZCfvEEd.exe
  2⤵
  PID:1500
- C:\Windows\System\dwhzKwu.exe
  C:\Windows\System\dwhzKwu.exe
  2⤵
  PID:3280
- C:\Windows\System\KjbUmIM.exe
  C:\Windows\System\KjbUmIM.exe
  2⤵
  PID:5172
- C:\Windows\System\kDBXhsz.exe
  C:\Windows\System\kDBXhsz.exe
  2⤵
  PID:1368
- C:\Windows\System\ngzrwUP.exe
  C:\Windows\System\ngzrwUP.exe
  2⤵
  PID:5304
- C:\Windows\System\VHYVUkE.exe
  C:\Windows\System\VHYVUkE.exe
  2⤵
  PID:5364
- C:\Windows\System\XTkuYcm.exe
  C:\Windows\System\XTkuYcm.exe
  2⤵
  PID:5428
- C:\Windows\System\fUgkUkG.exe
  C:\Windows\System\fUgkUkG.exe
  2⤵
  PID:5500
- C:\Windows\System\wvnAySJ.exe
  C:\Windows\System\wvnAySJ.exe
  2⤵
  PID:5560
- C:\Windows\System\XBiYxbq.exe
  C:\Windows\System\XBiYxbq.exe
  2⤵
  PID:5644
- C:\Windows\System\mlreiWK.exe
  C:\Windows\System\mlreiWK.exe
  2⤵
  PID:5724
- C:\Windows\System\fiPzSxq.exe
  C:\Windows\System\fiPzSxq.exe
  2⤵
  PID:5784
- C:\Windows\System\hWHBogu.exe
  C:\Windows\System\hWHBogu.exe
  2⤵
  PID:5812
- C:\Windows\System\vtzWhnk.exe
  C:\Windows\System\vtzWhnk.exe
  2⤵
  PID:5872
- C:\Windows\System\yYNbWkC.exe
  C:\Windows\System\yYNbWkC.exe
  2⤵
  PID:5948
- C:\Windows\System\vBoKZSZ.exe
  C:\Windows\System\vBoKZSZ.exe
  2⤵
  PID:6008
- C:\Windows\System\eZwkUym.exe
  C:\Windows\System\eZwkUym.exe
  2⤵
  PID:6068
- C:\Windows\System\ZjXSWYn.exe
  C:\Windows\System\ZjXSWYn.exe
  2⤵
  PID:2700
- C:\Windows\System\AntsAUI.exe
  C:\Windows\System\AntsAUI.exe
  2⤵
  PID:4372
- C:\Windows\System\pKLrDef.exe
  C:\Windows\System\pKLrDef.exe
  2⤵
  PID:3812
- C:\Windows\System\HQhuvMj.exe
  C:\Windows\System\HQhuvMj.exe
  2⤵
  PID:5200
- C:\Windows\System\tjRSbNc.exe
  C:\Windows\System\tjRSbNc.exe
  2⤵
  PID:5336
- C:\Windows\System\zfsQHrU.exe
  C:\Windows\System\zfsQHrU.exe
  2⤵
  PID:5476
- C:\Windows\System\bTolJeP.exe
  C:\Windows\System\bTolJeP.exe
  2⤵
  PID:5672
- C:\Windows\System\TBBLzGO.exe
  C:\Windows\System\TBBLzGO.exe
  2⤵
  PID:5788
- C:\Windows\System\UrqTINg.exe
  C:\Windows\System\UrqTINg.exe
  2⤵
  PID:5920
- C:\Windows\System\nUvdXtV.exe
  C:\Windows\System\nUvdXtV.exe
  2⤵
  PID:6164
- C:\Windows\System\YNlphhF.exe
  C:\Windows\System\YNlphhF.exe
  2⤵
  PID:6192
- C:\Windows\System\lFmurMV.exe
  C:\Windows\System\lFmurMV.exe
  2⤵
  PID:6220
- C:\Windows\System\DgMkZxy.exe
  C:\Windows\System\DgMkZxy.exe
  2⤵
  PID:6248
- C:\Windows\System\ZsiPiFo.exe
  C:\Windows\System\ZsiPiFo.exe
  2⤵
  PID:6276
- C:\Windows\System\SCQvdAP.exe
  C:\Windows\System\SCQvdAP.exe
  2⤵
  PID:6304
- C:\Windows\System\dsKxhUV.exe
  C:\Windows\System\dsKxhUV.exe
  2⤵
  PID:6332
- C:\Windows\System\QWjbvPw.exe
  C:\Windows\System\QWjbvPw.exe
  2⤵
  PID:6360
- C:\Windows\System\PbDWIxo.exe
  C:\Windows\System\PbDWIxo.exe
  2⤵
  PID:6388
- C:\Windows\System\frYYuPu.exe
  C:\Windows\System\frYYuPu.exe
  2⤵
  PID:6420
- C:\Windows\System\ZizOWBR.exe
  C:\Windows\System\ZizOWBR.exe
  2⤵
  PID:6452
- C:\Windows\System\vsIZMgS.exe
  C:\Windows\System\vsIZMgS.exe
  2⤵
  PID:6480
- C:\Windows\System\RzgLrIc.exe
  C:\Windows\System\RzgLrIc.exe
  2⤵
  PID:6508
- C:\Windows\System\wHDOyQy.exe
  C:\Windows\System\wHDOyQy.exe
  2⤵
  PID:6536
- C:\Windows\System\iGJoTSn.exe
  C:\Windows\System\iGJoTSn.exe
  2⤵
  PID:6564
- C:\Windows\System\kYjFEws.exe
  C:\Windows\System\kYjFEws.exe
  2⤵
  PID:6584
- C:\Windows\System\JXUDUFx.exe
  C:\Windows\System\JXUDUFx.exe
  2⤵
  PID:6612
- C:\Windows\System\huCiXgH.exe
  C:\Windows\System\huCiXgH.exe
  2⤵
  PID:6640
- C:\Windows\System\mbZxFlw.exe
  C:\Windows\System\mbZxFlw.exe
  2⤵
  PID:6668
- C:\Windows\System\OytCvbi.exe
  C:\Windows\System\OytCvbi.exe
  2⤵
  PID:6696
- C:\Windows\System\umVOasT.exe
  C:\Windows\System\umVOasT.exe
  2⤵
  PID:6724
- C:\Windows\System\QkhIyPI.exe
  C:\Windows\System\QkhIyPI.exe
  2⤵
  PID:6752
- C:\Windows\System\IKSvBKX.exe
  C:\Windows\System\IKSvBKX.exe
  2⤵
  PID:6780
- C:\Windows\System\QLXkrfo.exe
  C:\Windows\System\QLXkrfo.exe
  2⤵
  PID:6808
- C:\Windows\System\JXNRBEY.exe
  C:\Windows\System\JXNRBEY.exe
  2⤵
  PID:6836
- C:\Windows\System\NIvLwEU.exe
  C:\Windows\System\NIvLwEU.exe
  2⤵
  PID:6864
- C:\Windows\System\eBcVqaW.exe
  C:\Windows\System\eBcVqaW.exe
  2⤵
  PID:6888
- C:\Windows\System\qSUnmhK.exe
  C:\Windows\System\qSUnmhK.exe
  2⤵
  PID:6920
- C:\Windows\System\mBuwWwJ.exe
  C:\Windows\System\mBuwWwJ.exe
  2⤵
  PID:6948
- C:\Windows\System\tjtBzpn.exe
  C:\Windows\System\tjtBzpn.exe
  2⤵
  PID:6976
- C:\Windows\System\tVPizVI.exe
  C:\Windows\System\tVPizVI.exe
  2⤵
  PID:7000
- C:\Windows\System\UhUTqHQ.exe
  C:\Windows\System\UhUTqHQ.exe
  2⤵
  PID:7032
- C:\Windows\System\gneuiHj.exe
  C:\Windows\System\gneuiHj.exe
  2⤵
  PID:7060
- C:\Windows\System\gDJDIPR.exe
  C:\Windows\System\gDJDIPR.exe
  2⤵
  PID:7088
- C:\Windows\System\hZclOys.exe
  C:\Windows\System\hZclOys.exe
  2⤵
  PID:7116
- C:\Windows\System\yZFvCrJ.exe
  C:\Windows\System\yZFvCrJ.exe
  2⤵
  PID:7144
- C:\Windows\System\SPwrHBp.exe
  C:\Windows\System\SPwrHBp.exe
  2⤵
  PID:6036
- C:\Windows\System\XnvcytN.exe
  C:\Windows\System\XnvcytN.exe
  2⤵
  PID:3976
- C:\Windows\System\iHvNJMV.exe
  C:\Windows\System\iHvNJMV.exe
  2⤵
  PID:5144
- C:\Windows\System\GYNlKzo.exe
  C:\Windows\System\GYNlKzo.exe
  2⤵
  PID:5532
- C:\Windows\System\RIjshtl.exe
  C:\Windows\System\RIjshtl.exe
  2⤵
  PID:5864
- C:\Windows\System\nFbricr.exe
  C:\Windows\System\nFbricr.exe
  2⤵
  PID:6184
- C:\Windows\System\yBLEmAf.exe
  C:\Windows\System\yBLEmAf.exe
  2⤵
  PID:6260
- C:\Windows\System\dBvDuxd.exe
  C:\Windows\System\dBvDuxd.exe
  2⤵
  PID:6320
- C:\Windows\System\aExGjHV.exe
  C:\Windows\System\aExGjHV.exe
  2⤵
  PID:6380
- C:\Windows\System\qrljIJk.exe
  C:\Windows\System\qrljIJk.exe
  2⤵
  PID:6448
- C:\Windows\System\WyIFwuN.exe
  C:\Windows\System\WyIFwuN.exe
  2⤵
  PID:6524
- C:\Windows\System\pFjhxcu.exe
  C:\Windows\System\pFjhxcu.exe
  2⤵
  PID:6580
- C:\Windows\System\xQxwNYG.exe
  C:\Windows\System\xQxwNYG.exe
  2⤵
  PID:6628
- C:\Windows\System\qsDvnHl.exe
  C:\Windows\System\qsDvnHl.exe
  2⤵
  PID:6688
- C:\Windows\System\dYjuOHb.exe
  C:\Windows\System\dYjuOHb.exe
  2⤵
  PID:6764
- C:\Windows\System\SVGotdZ.exe
  C:\Windows\System\SVGotdZ.exe
  2⤵
  PID:6820
- C:\Windows\System\ejtEJIZ.exe
  C:\Windows\System\ejtEJIZ.exe
  2⤵
  PID:6876
- C:\Windows\System\NGQujzk.exe
  C:\Windows\System\NGQujzk.exe
  2⤵
  PID:6936
- C:\Windows\System\zWVzfCG.exe
  C:\Windows\System\zWVzfCG.exe
  2⤵
  PID:6988
- C:\Windows\System\RtxPbyu.exe
  C:\Windows\System\RtxPbyu.exe
  2⤵
  PID:7048
- C:\Windows\System\orWAzwA.exe
  C:\Windows\System\orWAzwA.exe
  2⤵
  PID:7104
- C:\Windows\System\oBIZeLU.exe
  C:\Windows\System\oBIZeLU.exe
  2⤵
  PID:7164
- C:\Windows\System\nZFMtIl.exe
  C:\Windows\System\nZFMtIl.exe
  2⤵
  PID:5280
- C:\Windows\System\izTbcVK.exe
  C:\Windows\System\izTbcVK.exe
  2⤵
  PID:6152
- C:\Windows\System\RauUAdT.exe
  C:\Windows\System\RauUAdT.exe
  2⤵
  PID:6288
- C:\Windows\System\GZYwrjf.exe
  C:\Windows\System\GZYwrjf.exe
  2⤵
  PID:6436
- C:\Windows\System\vrTkdlX.exe
  C:\Windows\System\vrTkdlX.exe
  2⤵
  PID:6560
- C:\Windows\System\aWlcvSB.exe
  C:\Windows\System\aWlcvSB.exe
  2⤵
  PID:6716
- C:\Windows\System\NPjRjOd.exe
  C:\Windows\System\NPjRjOd.exe
  2⤵
  PID:4200
- C:\Windows\System\iLuuHbb.exe
  C:\Windows\System\iLuuHbb.exe
  2⤵
  PID:6908
- C:\Windows\System\pasjvzM.exe
  C:\Windows\System\pasjvzM.exe
  2⤵
  PID:7024
- C:\Windows\System\YrraBGv.exe
  C:\Windows\System\YrraBGv.exe
  2⤵
  PID:7156
- C:\Windows\System\IvtZgZJ.exe
  C:\Windows\System\IvtZgZJ.exe
  2⤵
  PID:5756
- C:\Windows\System\TgdWYUt.exe
  C:\Windows\System\TgdWYUt.exe
  2⤵
  PID:6372
- C:\Windows\System\OLGXASa.exe
  C:\Windows\System\OLGXASa.exe
  2⤵
  PID:7196
- C:\Windows\System\WMMRddQ.exe
  C:\Windows\System\WMMRddQ.exe
  2⤵
  PID:7224
- C:\Windows\System\XvSgNKM.exe
  C:\Windows\System\XvSgNKM.exe
  2⤵
  PID:7252
- C:\Windows\System\PRxhtXt.exe
  C:\Windows\System\PRxhtXt.exe
  2⤵
  PID:7280
- C:\Windows\System\ZakrOgk.exe
  C:\Windows\System\ZakrOgk.exe
  2⤵
  PID:7308
- C:\Windows\System\DnbzCEM.exe
  C:\Windows\System\DnbzCEM.exe
  2⤵
  PID:7336
- C:\Windows\System\pSOoYnR.exe
  C:\Windows\System\pSOoYnR.exe
  2⤵
  PID:7364
- C:\Windows\System\NKjUNSc.exe
  C:\Windows\System\NKjUNSc.exe
  2⤵
  PID:7392
- C:\Windows\System\thVDXWS.exe
  C:\Windows\System\thVDXWS.exe
  2⤵
  PID:7420
- C:\Windows\System\lYzcsjo.exe
  C:\Windows\System\lYzcsjo.exe
  2⤵
  PID:7448
- C:\Windows\System\cgmKfVy.exe
  C:\Windows\System\cgmKfVy.exe
  2⤵
  PID:7472
- C:\Windows\System\rdJSIQO.exe
  C:\Windows\System\rdJSIQO.exe
  2⤵
  PID:7504
- C:\Windows\System\tpEcKSl.exe
  C:\Windows\System\tpEcKSl.exe
  2⤵
  PID:7528
- C:\Windows\System\rCWJOSP.exe
  C:\Windows\System\rCWJOSP.exe
  2⤵
  PID:7560
- C:\Windows\System\IDIWxGL.exe
  C:\Windows\System\IDIWxGL.exe
  2⤵
  PID:7588
- C:\Windows\System\jHNEGTU.exe
  C:\Windows\System\jHNEGTU.exe
  2⤵
  PID:7616
- C:\Windows\System\HAHuhgc.exe
  C:\Windows\System\HAHuhgc.exe
  2⤵
  PID:7724
- C:\Windows\System\pDuiSQo.exe
  C:\Windows\System\pDuiSQo.exe
  2⤵
  PID:7752
- C:\Windows\System\ficHjVj.exe
  C:\Windows\System\ficHjVj.exe
  2⤵
  PID:7772
- C:\Windows\System\NiJrqWT.exe
  C:\Windows\System\NiJrqWT.exe
  2⤵
  PID:7796
- C:\Windows\System\zVAcSqC.exe
  C:\Windows\System\zVAcSqC.exe
  2⤵
  PID:7816
- C:\Windows\System\PvGYnHo.exe
  C:\Windows\System\PvGYnHo.exe
  2⤵
  PID:7836
- C:\Windows\System\EzNkBJi.exe
  C:\Windows\System\EzNkBJi.exe
  2⤵
  PID:7860
- C:\Windows\System\bNMDQjO.exe
  C:\Windows\System\bNMDQjO.exe
  2⤵
  PID:7876
- C:\Windows\System\aXKoHgZ.exe
  C:\Windows\System\aXKoHgZ.exe
  2⤵
  PID:7916
- C:\Windows\System\VEyuQNJ.exe
  C:\Windows\System\VEyuQNJ.exe
  2⤵
  PID:7940
- C:\Windows\System\OzpSOzP.exe
  C:\Windows\System\OzpSOzP.exe
  2⤵
  PID:7964
- C:\Windows\System\JBCUuzv.exe
  C:\Windows\System\JBCUuzv.exe
  2⤵
  PID:8000
- C:\Windows\System\MOWMyuv.exe
  C:\Windows\System\MOWMyuv.exe
  2⤵
  PID:8028
- C:\Windows\System\NYealtQ.exe
  C:\Windows\System\NYealtQ.exe
  2⤵
  PID:8056
- C:\Windows\System\kbJwACC.exe
  C:\Windows\System\kbJwACC.exe
  2⤵
  PID:8076
- C:\Windows\System\FrRjLkx.exe
  C:\Windows\System\FrRjLkx.exe
  2⤵
  PID:8100
- C:\Windows\System\rbHDNco.exe
  C:\Windows\System\rbHDNco.exe
  2⤵
  PID:8116
- C:\Windows\System\AVgEhxT.exe
  C:\Windows\System\AVgEhxT.exe
  2⤵
  PID:8156
- C:\Windows\System\bkEYVGI.exe
  C:\Windows\System\bkEYVGI.exe
  2⤵
  PID:8172
- C:\Windows\System\dytnkFp.exe
  C:\Windows\System\dytnkFp.exe
  2⤵
  PID:6496
- C:\Windows\System\uPWGnCE.exe
  C:\Windows\System\uPWGnCE.exe
  2⤵
  PID:6852
- C:\Windows\System\YSyZZfD.exe
  C:\Windows\System\YSyZZfD.exe
  2⤵
  PID:2896
- C:\Windows\System\GlHUGIs.exe
  C:\Windows\System\GlHUGIs.exe
  2⤵
  PID:7080
- C:\Windows\System\NuEPWMm.exe
  C:\Windows\System\NuEPWMm.exe
  2⤵
  PID:2680
- C:\Windows\System\bIOpvHG.exe
  C:\Windows\System\bIOpvHG.exe
  2⤵
  PID:7180
- C:\Windows\System\IhNCRsW.exe
  C:\Windows\System\IhNCRsW.exe
  2⤵
  PID:7212
- C:\Windows\System\giorZFM.exe
  C:\Windows\System\giorZFM.exe
  2⤵
  PID:7292
- C:\Windows\System\MoKGoyt.exe
  C:\Windows\System\MoKGoyt.exe
  2⤵
  PID:3220
- C:\Windows\System\KbxsPht.exe
  C:\Windows\System\KbxsPht.exe
  2⤵
  PID:7352
- C:\Windows\System\YBZdWsx.exe
  C:\Windows\System\YBZdWsx.exe
  2⤵
  PID:7432
- C:\Windows\System\SYInXON.exe
  C:\Windows\System\SYInXON.exe
  2⤵
  PID:3448
- C:\Windows\System\krtzQSe.exe
  C:\Windows\System\krtzQSe.exe
  2⤵
  PID:7492
- C:\Windows\System\CpORXuk.exe
  C:\Windows\System\CpORXuk.exe
  2⤵
  PID:7572
- C:\Windows\System\qoFZQLA.exe
  C:\Windows\System\qoFZQLA.exe
  2⤵
  PID:2656
- C:\Windows\System\YdigzRx.exe
  C:\Windows\System\YdigzRx.exe
  2⤵
  PID:1072
- C:\Windows\System\heIGLVW.exe
  C:\Windows\System\heIGLVW.exe
  2⤵
  PID:7680
- C:\Windows\System\YLDUVHw.exe
  C:\Windows\System\YLDUVHw.exe
  2⤵
  PID:2556
- C:\Windows\System\yxtMKFy.exe
  C:\Windows\System\yxtMKFy.exe
  2⤵
  PID:7712
- C:\Windows\System\IqLVNVy.exe
  C:\Windows\System\IqLVNVy.exe
  2⤵
  PID:7828
- C:\Windows\System\CHVxAim.exe
  C:\Windows\System\CHVxAim.exe
  2⤵
  PID:7848
- C:\Windows\System\yYpEAxb.exe
  C:\Windows\System\yYpEAxb.exe
  2⤵
  PID:7928
- C:\Windows\System\eqyCBqf.exe
  C:\Windows\System\eqyCBqf.exe
  2⤵
  PID:8044
- C:\Windows\System\WoSsMYy.exe
  C:\Windows\System\WoSsMYy.exe
  2⤵
  PID:7188
- C:\Windows\System\XjayhCT.exe
  C:\Windows\System\XjayhCT.exe
  2⤵
  PID:7272
- C:\Windows\System\GJtxrwH.exe
  C:\Windows\System\GJtxrwH.exe
  2⤵
  PID:7740
- C:\Windows\System\ENGPTwt.exe
  C:\Windows\System\ENGPTwt.exe
  2⤵
  PID:540
- C:\Windows\System\ZrBwVrJ.exe
  C:\Windows\System\ZrBwVrJ.exe
  2⤵
  PID:2816
- C:\Windows\System\pMtzLaM.exe
  C:\Windows\System\pMtzLaM.exe
  2⤵
  PID:7892
- C:\Windows\System\jsKgDwu.exe
  C:\Windows\System\jsKgDwu.exe
  2⤵
  PID:7952
- C:\Windows\System\MbsxxnZ.exe
  C:\Windows\System\MbsxxnZ.exe
  2⤵
  PID:8136
- C:\Windows\System\PekGsQS.exe
  C:\Windows\System\PekGsQS.exe
  2⤵
  PID:2464
- C:\Windows\System\LZJvWgW.exe
  C:\Windows\System\LZJvWgW.exe
  2⤵
  PID:7808
- C:\Windows\System\RSUqVGy.exe
  C:\Windows\System\RSUqVGy.exe
  2⤵
  PID:1892
- C:\Windows\System\qFWdykv.exe
  C:\Windows\System\qFWdykv.exe
  2⤵
  PID:4644
- C:\Windows\System\pWZexfq.exe
  C:\Windows\System\pWZexfq.exe
  2⤵
  PID:7696
- C:\Windows\System\TFtIjXr.exe
  C:\Windows\System\TFtIjXr.exe
  2⤵
  PID:8020
- C:\Windows\System\AuAxJXm.exe
  C:\Windows\System\AuAxJXm.exe
  2⤵
  PID:8180
- C:\Windows\System\jpNsHkA.exe
  C:\Windows\System\jpNsHkA.exe
  2⤵
  PID:7904
- C:\Windows\System\arJgYZp.exe
  C:\Windows\System\arJgYZp.exe
  2⤵
  PID:5020
- C:\Windows\System\BDZNStg.exe
  C:\Windows\System\BDZNStg.exe
  2⤵
  PID:8224
- C:\Windows\System\cJeVfFr.exe
  C:\Windows\System\cJeVfFr.exe
  2⤵
  PID:8256
- C:\Windows\System\vxTwpJK.exe
  C:\Windows\System\vxTwpJK.exe
  2⤵
  PID:8284
- C:\Windows\System\zbJoHOO.exe
  C:\Windows\System\zbJoHOO.exe
  2⤵
  PID:8328
- C:\Windows\System\uSUyoOs.exe
  C:\Windows\System\uSUyoOs.exe
  2⤵
  PID:8364
- C:\Windows\System\GFwACXn.exe
  C:\Windows\System\GFwACXn.exe
  2⤵
  PID:8396
- C:\Windows\System\HIzFYUJ.exe
  C:\Windows\System\HIzFYUJ.exe
  2⤵
  PID:8440
- C:\Windows\System\EUWZaun.exe
  C:\Windows\System\EUWZaun.exe
  2⤵
  PID:8476
- C:\Windows\System\YfQaRgY.exe
  C:\Windows\System\YfQaRgY.exe
  2⤵
  PID:8508
- C:\Windows\System\txMkwEP.exe
  C:\Windows\System\txMkwEP.exe
  2⤵
  PID:8532
- C:\Windows\System\mmEAemB.exe
  C:\Windows\System\mmEAemB.exe
  2⤵
  PID:8560
- C:\Windows\System\QNumPhv.exe
  C:\Windows\System\QNumPhv.exe
  2⤵
  PID:8588
- C:\Windows\System\ZoNHNza.exe
  C:\Windows\System\ZoNHNza.exe
  2⤵
  PID:8616
- C:\Windows\System\jTaSdkw.exe
  C:\Windows\System\jTaSdkw.exe
  2⤵
  PID:8644
- C:\Windows\System\woWfuKy.exe
  C:\Windows\System\woWfuKy.exe
  2⤵
  PID:8696
- C:\Windows\System\jahdAnS.exe
  C:\Windows\System\jahdAnS.exe
  2⤵
  PID:8720
- C:\Windows\System\CTXlNck.exe
  C:\Windows\System\CTXlNck.exe
  2⤵
  PID:8752
- C:\Windows\System\bBySiZe.exe
  C:\Windows\System\bBySiZe.exe
  2⤵
  PID:8784
- C:\Windows\System\mBrNZLC.exe
  C:\Windows\System\mBrNZLC.exe
  2⤵
  PID:8820
- C:\Windows\System\jzNCNqW.exe
  C:\Windows\System\jzNCNqW.exe
  2⤵
  PID:8868
- C:\Windows\System\YNpBgNZ.exe
  C:\Windows\System\YNpBgNZ.exe
  2⤵
  PID:8892
- C:\Windows\System\KFzQlVM.exe
  C:\Windows\System\KFzQlVM.exe
  2⤵
  PID:8920
- C:\Windows\System\vywFmeN.exe
  C:\Windows\System\vywFmeN.exe
  2⤵
  PID:8948
- C:\Windows\System\ACAjicy.exe
  C:\Windows\System\ACAjicy.exe
  2⤵
  PID:8964
- C:\Windows\System\uxkmTyF.exe
  C:\Windows\System\uxkmTyF.exe
  2⤵
  PID:8996
- C:\Windows\System\nFSKPLU.exe
  C:\Windows\System\nFSKPLU.exe
  2⤵
  PID:9040
- C:\Windows\System\LJBzVaM.exe
  C:\Windows\System\LJBzVaM.exe
  2⤵
  PID:9056
- C:\Windows\System\bYEfwEz.exe
  C:\Windows\System\bYEfwEz.exe
  2⤵
  PID:9096
- C:\Windows\System\StVeoax.exe
  C:\Windows\System\StVeoax.exe
  2⤵
  PID:9124
- C:\Windows\System\kwYVrYC.exe
  C:\Windows\System\kwYVrYC.exe
  2⤵
  PID:9156
- C:\Windows\System\tGLibHa.exe
  C:\Windows\System\tGLibHa.exe
  2⤵
  PID:9192
- C:\Windows\System\aeylaQx.exe
  C:\Windows\System\aeylaQx.exe
  2⤵
  PID:8216
- C:\Windows\System\hHOaCNj.exe
  C:\Windows\System\hHOaCNj.exe
  2⤵
  PID:8276
- C:\Windows\System\wricfyX.exe
  C:\Windows\System\wricfyX.exe
  2⤵
  PID:8360
- C:\Windows\System\SiIigkX.exe
  C:\Windows\System\SiIigkX.exe
  2⤵
  PID:8464
- C:\Windows\System\vVwwhoA.exe
  C:\Windows\System\vVwwhoA.exe
  2⤵
  PID:8528
- C:\Windows\System\NIRqMIc.exe
  C:\Windows\System\NIRqMIc.exe
  2⤵
  PID:8600
- C:\Windows\System\AYbLVXY.exe
  C:\Windows\System\AYbLVXY.exe
  2⤵
  PID:8656
- C:\Windows\System\MwXaAqP.exe
  C:\Windows\System\MwXaAqP.exe
  2⤵
  PID:8748
- C:\Windows\System\PSznpqZ.exe
  C:\Windows\System\PSznpqZ.exe
  2⤵
  PID:8808
- C:\Windows\System\yKBzYsa.exe
  C:\Windows\System\yKBzYsa.exe
  2⤵
  PID:8876
- C:\Windows\System\KljdZdP.exe
  C:\Windows\System\KljdZdP.exe
  2⤵
  PID:8936
- C:\Windows\System\xqrdqCY.exe
  C:\Windows\System\xqrdqCY.exe
  2⤵
  PID:9008
- C:\Windows\System\UvlTsgx.exe
  C:\Windows\System\UvlTsgx.exe
  2⤵
  PID:9080
- C:\Windows\System\IKVQokW.exe
  C:\Windows\System\IKVQokW.exe
  2⤵
  PID:9152
- C:\Windows\System\wvPIlyF.exe
  C:\Windows\System\wvPIlyF.exe
  2⤵
  PID:8236
- C:\Windows\System\LWKmrQo.exe
  C:\Windows\System\LWKmrQo.exe
  2⤵
  PID:8432
- C:\Windows\System\rcZrmPG.exe
  C:\Windows\System\rcZrmPG.exe
  2⤵
  PID:8576
- C:\Windows\System\bVjHVGx.exe
  C:\Windows\System\bVjHVGx.exe
  2⤵
  PID:8780
- C:\Windows\System\MnhxKJm.exe
  C:\Windows\System\MnhxKJm.exe
  2⤵
  PID:8932
- C:\Windows\System\Etxbxbq.exe
  C:\Windows\System\Etxbxbq.exe
  2⤵
  PID:9104
- C:\Windows\System\vDoCFMS.exe
  C:\Windows\System\vDoCFMS.exe
  2⤵
  PID:2368
- C:\Windows\System\RTaRRae.exe
  C:\Windows\System\RTaRRae.exe
  2⤵
  PID:8636
- C:\Windows\System\SLCBooP.exe
  C:\Windows\System\SLCBooP.exe
  2⤵
  PID:9048
- C:\Windows\System\YTNDNjZ.exe
  C:\Windows\System\YTNDNjZ.exe
  2⤵
  PID:8340
- C:\Windows\System\eETbnDi.exe
  C:\Windows\System\eETbnDi.exe
  2⤵
  PID:9224
- C:\Windows\System\hbCcvWx.exe
  C:\Windows\System\hbCcvWx.exe
  2⤵
  PID:9252
- C:\Windows\System\PSZfWuR.exe
  C:\Windows\System\PSZfWuR.exe
  2⤵
  PID:9268
- C:\Windows\System\QZBmixt.exe
  C:\Windows\System\QZBmixt.exe
  2⤵
  PID:9308
- C:\Windows\System\nufqMrT.exe
  C:\Windows\System\nufqMrT.exe
  2⤵
  PID:9336
- C:\Windows\System\nRFlMmZ.exe
  C:\Windows\System\nRFlMmZ.exe
  2⤵
  PID:9364
- C:\Windows\System\yiMKzRh.exe
  C:\Windows\System\yiMKzRh.exe
  2⤵
  PID:9392
- C:\Windows\System\yOlCtck.exe
  C:\Windows\System\yOlCtck.exe
  2⤵
  PID:9408
- C:\Windows\System\fNTaNCe.exe
  C:\Windows\System\fNTaNCe.exe
  2⤵
  PID:9452
- C:\Windows\System\mXhohLf.exe
  C:\Windows\System\mXhohLf.exe
  2⤵
  PID:9480
- C:\Windows\System\NxOYLzt.exe
  C:\Windows\System\NxOYLzt.exe
  2⤵
  PID:9504
- C:\Windows\System\KWwWKhT.exe
  C:\Windows\System\KWwWKhT.exe
  2⤵
  PID:9524
- C:\Windows\System\Dlwrgka.exe
  C:\Windows\System\Dlwrgka.exe
  2⤵
  PID:9564
- C:\Windows\System\fudWaPl.exe
  C:\Windows\System\fudWaPl.exe
  2⤵
  PID:9592
- C:\Windows\System\shhqIKU.exe
  C:\Windows\System\shhqIKU.exe
  2⤵
  PID:9608
- C:\Windows\System\aiSeKjl.exe
  C:\Windows\System\aiSeKjl.exe
  2⤵
  PID:9644
- C:\Windows\System\kUxuKXK.exe
  C:\Windows\System\kUxuKXK.exe
  2⤵
  PID:9664
- C:\Windows\System\XuGFgTY.exe
  C:\Windows\System\XuGFgTY.exe
  2⤵
  PID:9696
- C:\Windows\System\YBtGthv.exe
  C:\Windows\System\YBtGthv.exe
  2⤵
  PID:9720
- C:\Windows\System\RMataVV.exe
  C:\Windows\System\RMataVV.exe
  2⤵
  PID:9760
- C:\Windows\System\hfmxsrY.exe
  C:\Windows\System\hfmxsrY.exe
  2⤵
  PID:9788
- C:\Windows\System\lTAgRWN.exe
  C:\Windows\System\lTAgRWN.exe
  2⤵
  PID:9808
- C:\Windows\System\KhKokZJ.exe
  C:\Windows\System\KhKokZJ.exe
  2⤵
  PID:9836
- C:\Windows\System\XNtqbST.exe
  C:\Windows\System\XNtqbST.exe
  2⤵
  PID:9864
- C:\Windows\System\zzooXMr.exe
  C:\Windows\System\zzooXMr.exe
  2⤵
  PID:9892
- C:\Windows\System\RyPpJGj.exe
  C:\Windows\System\RyPpJGj.exe
  2⤵
  PID:9912
- C:\Windows\System\AIIlxzl.exe
  C:\Windows\System\AIIlxzl.exe
  2⤵
  PID:9932
- C:\Windows\System\fxUDauh.exe
  C:\Windows\System\fxUDauh.exe
  2⤵
  PID:9988
- C:\Windows\System\zPvyxgD.exe
  C:\Windows\System\zPvyxgD.exe
  2⤵
  PID:10008
- C:\Windows\System\UvgUnJm.exe
  C:\Windows\System\UvgUnJm.exe
  2⤵
  PID:10044
- C:\Windows\System\puPweTP.exe
  C:\Windows\System\puPweTP.exe
  2⤵
  PID:10060
- C:\Windows\System\TMTXgZk.exe
  C:\Windows\System\TMTXgZk.exe
  2⤵
  PID:10088
- C:\Windows\System\ErZWAvN.exe
  C:\Windows\System\ErZWAvN.exe
  2⤵
  PID:10116
- C:\Windows\System\eTCdjQz.exe
  C:\Windows\System\eTCdjQz.exe
  2⤵
  PID:10144
- C:\Windows\System\xYBTuPJ.exe
  C:\Windows\System\xYBTuPJ.exe
  2⤵
  PID:10184
- C:\Windows\System\gbAAGtS.exe
  C:\Windows\System\gbAAGtS.exe
  2⤵
  PID:10212
- C:\Windows\System\NiTARjG.exe
  C:\Windows\System\NiTARjG.exe
  2⤵
  PID:9068
- C:\Windows\System\wmNSQrU.exe
  C:\Windows\System\wmNSQrU.exe
  2⤵
  PID:9292
- C:\Windows\System\XkqkcCX.exe
  C:\Windows\System\XkqkcCX.exe
  2⤵
  PID:9324
- C:\Windows\System\aISmhcy.exe
  C:\Windows\System\aISmhcy.exe
  2⤵
  PID:9380
- C:\Windows\System\eFtzAjn.exe
  C:\Windows\System\eFtzAjn.exe
  2⤵
  PID:9496
- C:\Windows\System\aQyZmJA.exe
  C:\Windows\System\aQyZmJA.exe
  2⤵
  PID:9552
- C:\Windows\System\HbVZHhd.exe
  C:\Windows\System\HbVZHhd.exe
  2⤵
  PID:9604
- C:\Windows\System\zDcCkEE.exe
  C:\Windows\System\zDcCkEE.exe
  2⤵
  PID:9680
- C:\Windows\System\uTiGlnU.exe
  C:\Windows\System\uTiGlnU.exe
  2⤵
  PID:9756
- C:\Windows\System\SKvKTtS.exe
  C:\Windows\System\SKvKTtS.exe
  2⤵
  PID:9796
- C:\Windows\System\uEclsVe.exe
  C:\Windows\System\uEclsVe.exe
  2⤵
  PID:9872
- C:\Windows\System\gQHMbsh.exe
  C:\Windows\System\gQHMbsh.exe
  2⤵
  PID:9920
- C:\Windows\System\JuQerYD.exe
  C:\Windows\System\JuQerYD.exe
  2⤵
  PID:10004
- C:\Windows\System\GRxsqDd.exe
  C:\Windows\System\GRxsqDd.exe
  2⤵
  PID:10028
- C:\Windows\System\udBQApJ.exe
  C:\Windows\System\udBQApJ.exe
  2⤵
  PID:10100
- C:\Windows\System\rZdRWfg.exe
  C:\Windows\System\rZdRWfg.exe
  2⤵
  PID:10172
- C:\Windows\System\OMRXbBg.exe
  C:\Windows\System\OMRXbBg.exe
  2⤵
  PID:10236
- C:\Windows\System\yOnMHUJ.exe
  C:\Windows\System\yOnMHUJ.exe
  2⤵
  PID:9404
- C:\Windows\System\pBVHify.exe
  C:\Windows\System\pBVHify.exe
  2⤵
  PID:9476
- C:\Windows\System\kDwrHNR.exe
  C:\Windows\System\kDwrHNR.exe
  2⤵
  PID:9600
- C:\Windows\System\LrxCSWY.exe
  C:\Windows\System\LrxCSWY.exe
  2⤵
  PID:9828
- C:\Windows\System\ySYDeyR.exe
  C:\Windows\System\ySYDeyR.exe
  2⤵
  PID:9980
- C:\Windows\System\czWXBLV.exe
  C:\Windows\System\czWXBLV.exe
  2⤵
  PID:10080
- C:\Windows\System\CMBIRmo.exe
  C:\Windows\System\CMBIRmo.exe
  2⤵
  PID:9320
- C:\Windows\System\JIpMEMv.exe
  C:\Windows\System\JIpMEMv.exe
  2⤵
  PID:3228
- C:\Windows\System\qECVCak.exe
  C:\Windows\System\qECVCak.exe
  2⤵
  PID:9820
- C:\Windows\System\kCeaecL.exe
  C:\Windows\System\kCeaecL.exe
  2⤵
  PID:10076
- C:\Windows\System\QPlKXRK.exe
  C:\Windows\System\QPlKXRK.exe
  2⤵
  PID:9432
- C:\Windows\System\fwekwCZ.exe
  C:\Windows\System\fwekwCZ.exe
  2⤵
  PID:10248
- C:\Windows\System\HtyoGly.exe
  C:\Windows\System\HtyoGly.exe
  2⤵
  PID:10276
- C:\Windows\System\lcFRPhc.exe
  C:\Windows\System\lcFRPhc.exe
  2⤵
  PID:10304
- C:\Windows\System\xxgLMzE.exe
  C:\Windows\System\xxgLMzE.exe
  2⤵
  PID:10332
- C:\Windows\System\acDQKpU.exe
  C:\Windows\System\acDQKpU.exe
  2⤵
  PID:10360
- C:\Windows\System\HqUoEYs.exe
  C:\Windows\System\HqUoEYs.exe
  2⤵
  PID:10388
- C:\Windows\System\XVIfzvd.exe
  C:\Windows\System\XVIfzvd.exe
  2⤵
  PID:10416
- C:\Windows\System\OgcCarN.exe
  C:\Windows\System\OgcCarN.exe
  2⤵
  PID:10444
- C:\Windows\System\QlGgMDO.exe
  C:\Windows\System\QlGgMDO.exe
  2⤵
  PID:10472
- C:\Windows\System\mWZDNdR.exe
  C:\Windows\System\mWZDNdR.exe
  2⤵
  PID:10488
- C:\Windows\System\eJTQqsj.exe
  C:\Windows\System\eJTQqsj.exe
  2⤵
  PID:10528
- C:\Windows\System\QFSIMly.exe
  C:\Windows\System\QFSIMly.exe
  2⤵
  PID:10556
- C:\Windows\System\UXqBcxi.exe
  C:\Windows\System\UXqBcxi.exe
  2⤵
  PID:10584
- C:\Windows\System\xCAjrLR.exe
  C:\Windows\System\xCAjrLR.exe
  2⤵
  PID:10612
- C:\Windows\System\lTnXrbP.exe
  C:\Windows\System\lTnXrbP.exe
  2⤵
  PID:10644
- C:\Windows\System\mNzdaAq.exe
  C:\Windows\System\mNzdaAq.exe
  2⤵
  PID:10660
- C:\Windows\System\EzsbrJX.exe
  C:\Windows\System\EzsbrJX.exe
  2⤵
  PID:10700
- C:\Windows\System\MwxkFTe.exe
  C:\Windows\System\MwxkFTe.exe
  2⤵
  PID:10728
- C:\Windows\System\EbEumVY.exe
  C:\Windows\System\EbEumVY.exe
  2⤵
  PID:10756
- C:\Windows\System\LNIoKBq.exe
  C:\Windows\System\LNIoKBq.exe
  2⤵
  PID:10784
- C:\Windows\System\HDTWFvN.exe
  C:\Windows\System\HDTWFvN.exe
  2⤵
  PID:10812
- C:\Windows\System\yztEMQZ.exe
  C:\Windows\System\yztEMQZ.exe
  2⤵
  PID:10840
- C:\Windows\System\dmidMbo.exe
  C:\Windows\System\dmidMbo.exe
  2⤵
  PID:10868
- C:\Windows\System\LieiTUB.exe
  C:\Windows\System\LieiTUB.exe
  2⤵
  PID:10892
- C:\Windows\System\mrMGPJN.exe
  C:\Windows\System\mrMGPJN.exe
  2⤵
  PID:10924
- C:\Windows\System\EpYcTld.exe
  C:\Windows\System\EpYcTld.exe
  2⤵
  PID:10952
- C:\Windows\System\OwxtaTU.exe
  C:\Windows\System\OwxtaTU.exe
  2⤵
  PID:10980
- C:\Windows\System\TDGddGz.exe
  C:\Windows\System\TDGddGz.exe
  2⤵
  PID:10996
- C:\Windows\System\hYnYvNk.exe
  C:\Windows\System\hYnYvNk.exe
  2⤵
  PID:11024
- C:\Windows\System\uBAgWAu.exe
  C:\Windows\System\uBAgWAu.exe
  2⤵
  PID:11064
- C:\Windows\System\TWnRIds.exe
  C:\Windows\System\TWnRIds.exe
  2⤵
  PID:11092
- C:\Windows\System\wvsTsDz.exe
  C:\Windows\System\wvsTsDz.exe
  2⤵
  PID:11120
- C:\Windows\System\fSGJXqK.exe
  C:\Windows\System\fSGJXqK.exe
  2⤵
  PID:11136
- C:\Windows\System\lMZvsPP.exe
  C:\Windows\System\lMZvsPP.exe
  2⤵
  PID:11176
- C:\Windows\System\cAuSVBq.exe
  C:\Windows\System\cAuSVBq.exe
  2⤵
  PID:11200
- C:\Windows\System\ZLHhcZH.exe
  C:\Windows\System\ZLHhcZH.exe
  2⤵
  PID:11232
- C:\Windows\System\YSUSdVN.exe
  C:\Windows\System\YSUSdVN.exe
  2⤵
  PID:11248
- C:\Windows\System\szTnciK.exe
  C:\Windows\System\szTnciK.exe
  2⤵
  PID:10264
- C:\Windows\System\OZMnjtP.exe
  C:\Windows\System\OZMnjtP.exe
  2⤵
  PID:4984
- C:\Windows\System\NzfZqcX.exe
  C:\Windows\System\NzfZqcX.exe
  2⤵
  PID:9804
- C:\Windows\System\GLnEUrz.exe
  C:\Windows\System\GLnEUrz.exe
  2⤵
  PID:10428
- C:\Windows\System\JdmvCmr.exe
  C:\Windows\System\JdmvCmr.exe
  2⤵
  PID:10504
- C:\Windows\System\LQJwBHX.exe
  C:\Windows\System\LQJwBHX.exe
  2⤵
  PID:10576
- C:\Windows\System\myrioku.exe
  C:\Windows\System\myrioku.exe
  2⤵
  PID:10636
- C:\Windows\System\SxzWliU.exe
  C:\Windows\System\SxzWliU.exe
  2⤵
  PID:10712
- C:\Windows\System\hZccRcJ.exe
  C:\Windows\System\hZccRcJ.exe
  2⤵
  PID:10780
- C:\Windows\System\DYJCDPK.exe
  C:\Windows\System\DYJCDPK.exe
  2⤵
  PID:10836
- C:\Windows\System\wFePpcM.exe
  C:\Windows\System\wFePpcM.exe
  2⤵
  PID:10864
- C:\Windows\System\WchdrTf.exe
  C:\Windows\System\WchdrTf.exe
  2⤵
  PID:10920
- C:\Windows\System\tyiomvq.exe
  C:\Windows\System\tyiomvq.exe
  2⤵
  PID:11008
- C:\Windows\System\yAhoPso.exe
  C:\Windows\System\yAhoPso.exe
  2⤵
  PID:11076
- C:\Windows\System\ZjvUfxC.exe
  C:\Windows\System\ZjvUfxC.exe
  2⤵
  PID:11164
- C:\Windows\System\IJwRtVb.exe
  C:\Windows\System\IJwRtVb.exe
  2⤵
  PID:11216
- C:\Windows\System\hmsOynh.exe
  C:\Windows\System\hmsOynh.exe
  2⤵
  PID:11260
- C:\Windows\System\qNTuhFs.exe
  C:\Windows\System\qNTuhFs.exe
  2⤵
  PID:10324
- C:\Windows\System\TFYyPpX.exe
  C:\Windows\System\TFYyPpX.exe
  2⤵
  PID:10520
- C:\Windows\System\lIlsWeU.exe
  C:\Windows\System\lIlsWeU.exe
  2⤵
  PID:10672
- C:\Windows\System\wOBasTn.exe
  C:\Windows\System\wOBasTn.exe
  2⤵
  PID:10832
- C:\Windows\System\UPZOOxg.exe
  C:\Windows\System\UPZOOxg.exe
  2⤵
  PID:10964
- C:\Windows\System\sGALqal.exe
  C:\Windows\System\sGALqal.exe
  2⤵
  PID:11132
- C:\Windows\System\tVIZTWA.exe
  C:\Windows\System\tVIZTWA.exe
  2⤵
  PID:9536
- C:\Windows\System\kEjqiYX.exe
  C:\Windows\System\kEjqiYX.exe
  2⤵
  PID:10544
- C:\Windows\System\CbHqxYF.exe
  C:\Windows\System\CbHqxYF.exe
  2⤵
  PID:11048
- C:\Windows\System\aIzHVDD.exe
  C:\Windows\System\aIzHVDD.exe
  2⤵
  PID:10296
- C:\Windows\System\ojRpydd.exe
  C:\Windows\System\ojRpydd.exe
  2⤵
  PID:10596
- C:\Windows\System\YlfhmYR.exe
  C:\Windows\System\YlfhmYR.exe
  2⤵
  PID:11104
- C:\Windows\System\dhTtnbn.exe
  C:\Windows\System\dhTtnbn.exe
  2⤵
  PID:11284
- C:\Windows\System\JywIvBu.exe
  C:\Windows\System\JywIvBu.exe
  2⤵
  PID:11312
- C:\Windows\System\SlxDoGJ.exe
  C:\Windows\System\SlxDoGJ.exe
  2⤵
  PID:11340
- C:\Windows\System\xHVAIZT.exe
  C:\Windows\System\xHVAIZT.exe
  2⤵
  PID:11372
- C:\Windows\System\bidUguU.exe
  C:\Windows\System\bidUguU.exe
  2⤵
  PID:11400
- C:\Windows\System\THMXjsp.exe
  C:\Windows\System\THMXjsp.exe
  2⤵
  PID:11428
- C:\Windows\System\nwBpIxL.exe
  C:\Windows\System\nwBpIxL.exe
  2⤵
  PID:11456
- C:\Windows\System\ZERuecJ.exe
  C:\Windows\System\ZERuecJ.exe
  2⤵
  PID:11484
- C:\Windows\System\VGDikPl.exe
  C:\Windows\System\VGDikPl.exe
  2⤵
  PID:11500
- C:\Windows\System\qMbCQir.exe
  C:\Windows\System\qMbCQir.exe
  2⤵
  PID:11528
- C:\Windows\System\OxdbLxG.exe
  C:\Windows\System\OxdbLxG.exe
  2⤵
  PID:11556
- C:\Windows\System\IvJCDea.exe
  C:\Windows\System\IvJCDea.exe
  2⤵
  PID:11596
- C:\Windows\System\SDAUbTg.exe
  C:\Windows\System\SDAUbTg.exe
  2⤵
  PID:11612
- C:\Windows\System\jcbRGQn.exe
  C:\Windows\System\jcbRGQn.exe
  2⤵
  PID:11652
- C:\Windows\System\LhvfdIC.exe
  C:\Windows\System\LhvfdIC.exe
  2⤵
  PID:11680
- C:\Windows\System\BwcibzJ.exe
  C:\Windows\System\BwcibzJ.exe
  2⤵
  PID:11708
- C:\Windows\System\hlNrCPd.exe
  C:\Windows\System\hlNrCPd.exe
  2⤵
  PID:11736
- C:\Windows\System\EoPAtpV.exe
  C:\Windows\System\EoPAtpV.exe
  2⤵
  PID:11752
- C:\Windows\System\iTLFcPu.exe
  C:\Windows\System\iTLFcPu.exe
  2⤵
  PID:11792
- C:\Windows\System\gnkkOkh.exe
  C:\Windows\System\gnkkOkh.exe
  2⤵
  PID:11808
- C:\Windows\System\PCPeZdO.exe
  C:\Windows\System\PCPeZdO.exe
  2⤵
  PID:11836
- C:\Windows\System\hQRcWhz.exe
  C:\Windows\System\hQRcWhz.exe
  2⤵
  PID:11864
- C:\Windows\System\sFQMgDO.exe
  C:\Windows\System\sFQMgDO.exe
  2⤵
  PID:11880
- C:\Windows\System\KWhYJAE.exe
  C:\Windows\System\KWhYJAE.exe
  2⤵
  PID:11896
- C:\Windows\System\JcHXjSP.exe
  C:\Windows\System\JcHXjSP.exe
  2⤵
  PID:11924
- C:\Windows\System\DMTXYiD.exe
  C:\Windows\System\DMTXYiD.exe
  2⤵
  PID:11984
- C:\Windows\System\vOZPJsh.exe
  C:\Windows\System\vOZPJsh.exe
  2⤵
  PID:12012
- C:\Windows\System\cFnHsRv.exe
  C:\Windows\System\cFnHsRv.exe
  2⤵
  PID:12044
- C:\Windows\System\gQolkAv.exe
  C:\Windows\System\gQolkAv.exe
  2⤵
  PID:12068
- C:\Windows\System\jGSBbAC.exe
  C:\Windows\System\jGSBbAC.exe
  2⤵
  PID:12100
- C:\Windows\System\yNHbwWe.exe
  C:\Windows\System\yNHbwWe.exe
  2⤵
  PID:12124
- C:\Windows\System\MrsFbmJ.exe
  C:\Windows\System\MrsFbmJ.exe
  2⤵
  PID:12156
- C:\Windows\System\pQZraiX.exe
  C:\Windows\System\pQZraiX.exe
  2⤵
  PID:12184
- C:\Windows\System\ZSSFjSC.exe
  C:\Windows\System\ZSSFjSC.exe
  2⤵
  PID:12212
- C:\Windows\System\JWbfItQ.exe
  C:\Windows\System\JWbfItQ.exe
  2⤵
  PID:12232
- C:\Windows\System\cUeKTUV.exe
  C:\Windows\System\cUeKTUV.exe
  2⤵
  PID:12264
- C:\Windows\System\DiiyKAl.exe
  C:\Windows\System\DiiyKAl.exe
  2⤵
  PID:12284
- C:\Windows\System\VGTpinX.exe
  C:\Windows\System\VGTpinX.exe
  2⤵
  PID:11324
- C:\Windows\System\CXuFobq.exe
  C:\Windows\System\CXuFobq.exe
  2⤵
  PID:11384
- C:\Windows\System\oDmqgnv.exe
  C:\Windows\System\oDmqgnv.exe
  2⤵
  PID:11448
- C:\Windows\System\MxIRLDx.exe
  C:\Windows\System\MxIRLDx.exe
  2⤵
  PID:11512
- C:\Windows\System\BzzNiya.exe
  C:\Windows\System\BzzNiya.exe
  2⤵
  PID:11544
- C:\Windows\System\zcNEcnU.exe
  C:\Windows\System\zcNEcnU.exe
  2⤵
  PID:11608
- C:\Windows\System\IgSkbak.exe
  C:\Windows\System\IgSkbak.exe
  2⤵
  PID:11700
- C:\Windows\System\TerfImB.exe
  C:\Windows\System\TerfImB.exe
  2⤵
  PID:11776
- C:\Windows\System\uumMWoj.exe
  C:\Windows\System\uumMWoj.exe
  2⤵
  PID:11856
- C:\Windows\System\WdybkWh.exe
  C:\Windows\System\WdybkWh.exe
  2⤵
  PID:11916
- C:\Windows\System\wGrweXF.exe
  C:\Windows\System\wGrweXF.exe
  2⤵
  PID:12020
- C:\Windows\System\MNgqUJz.exe
  C:\Windows\System\MNgqUJz.exe
  2⤵
  PID:12088
- C:\Windows\System\xweUGMD.exe
  C:\Windows\System\xweUGMD.exe
  2⤵
  PID:12180
- C:\Windows\System\MEIBiYu.exe
  C:\Windows\System\MEIBiYu.exe
  2⤵
  PID:12224
- C:\Windows\System\yDeasUF.exe
  C:\Windows\System\yDeasUF.exe
  2⤵
  PID:11280
- C:\Windows\System\hwdVhnF.exe
  C:\Windows\System\hwdVhnF.exe
  2⤵
  PID:11412
- C:\Windows\System\UvSXxLk.exe
  C:\Windows\System\UvSXxLk.exe
  2⤵
  PID:11584
- C:\Windows\System\LYVmoGW.exe
  C:\Windows\System\LYVmoGW.exe
  2⤵
  PID:11676
- C:\Windows\System\dxKRPMv.exe
  C:\Windows\System\dxKRPMv.exe
  2⤵
  PID:11996
- C:\Windows\System\mAHrzhn.exe
  C:\Windows\System\mAHrzhn.exe
  2⤵
  PID:12064
- C:\Windows\System\EaQfYOU.exe
  C:\Windows\System\EaQfYOU.exe
  2⤵
  PID:12260
- C:\Windows\System\TvRLwDp.exe
  C:\Windows\System\TvRLwDp.exe
  2⤵
  PID:11648
- C:\Windows\System\nWDJSYS.exe
  C:\Windows\System\nWDJSYS.exe
  2⤵
  PID:12172
- C:\Windows\System\eHHOBBN.exe
  C:\Windows\System\eHHOBBN.exe
  2⤵
  PID:11732
- C:\Windows\System\FFHtqun.exe
  C:\Windows\System\FFHtqun.exe
  2⤵
  PID:12304
- C:\Windows\System\IUohlOc.exe
  C:\Windows\System\IUohlOc.exe
  2⤵
  PID:12320
- C:\Windows\System\MrAsXrb.exe
  C:\Windows\System\MrAsXrb.exe
  2⤵
  PID:12364
- C:\Windows\System\CoLPGbe.exe
  C:\Windows\System\CoLPGbe.exe
  2⤵
  PID:12380
- C:\Windows\System\oDnAHky.exe
  C:\Windows\System\oDnAHky.exe
  2⤵
  PID:12408
- C:\Windows\System\fEBgVJe.exe
  C:\Windows\System\fEBgVJe.exe
  2⤵
  PID:12448
- C:\Windows\System\kVgWSkO.exe
  C:\Windows\System\kVgWSkO.exe
  2⤵
  PID:12476
- C:\Windows\System\eZZFiCR.exe
  C:\Windows\System\eZZFiCR.exe
  2⤵
  PID:12492
- C:\Windows\System\qWjGasO.exe
  C:\Windows\System\qWjGasO.exe
  2⤵
  PID:12508
- C:\Windows\System\alAaRMz.exe
  C:\Windows\System\alAaRMz.exe
  2⤵
  PID:12540
- C:\Windows\System\bYxMoLr.exe
  C:\Windows\System\bYxMoLr.exe
  2⤵
  PID:12576
- C:\Windows\System\JYxtRMk.exe
  C:\Windows\System\JYxtRMk.exe
  2⤵
  PID:12592
- C:\Windows\System\iJVIsUr.exe
  C:\Windows\System\iJVIsUr.exe
  2⤵
  PID:12620
- C:\Windows\System\SFrQeMO.exe
  C:\Windows\System\SFrQeMO.exe
  2⤵
  PID:12656
- C:\Windows\System\RZpGaHi.exe
  C:\Windows\System\RZpGaHi.exe
  2⤵
  PID:12696
- C:\Windows\System\NXeVFJE.exe
  C:\Windows\System\NXeVFJE.exe
  2⤵
  PID:12732
- C:\Windows\System\JXQHsLo.exe
  C:\Windows\System\JXQHsLo.exe
  2⤵
  PID:12760
- C:\Windows\System\IhaPMIL.exe
  C:\Windows\System\IhaPMIL.exe
  2⤵
  PID:12784
- C:\Windows\System\ZcPvLoP.exe
  C:\Windows\System\ZcPvLoP.exe
  2⤵
  PID:12820
- C:\Windows\System\XEdaZAm.exe
  C:\Windows\System\XEdaZAm.exe
  2⤵
  PID:12848
- C:\Windows\System\MmZLcSz.exe
  C:\Windows\System\MmZLcSz.exe
  2⤵
  PID:12876
- C:\Windows\System\aLhVKxn.exe
  C:\Windows\System\aLhVKxn.exe
  2⤵
  PID:12892
- C:\Windows\System\TIJfLfV.exe
  C:\Windows\System\TIJfLfV.exe
  2⤵
  PID:12940
- C:\Windows\System\kYPyrDB.exe
  C:\Windows\System\kYPyrDB.exe
  2⤵
  PID:12968
- C:\Windows\System\XyiDVlc.exe
  C:\Windows\System\XyiDVlc.exe
  2⤵
  PID:12984
- C:\Windows\System\ivgWuaa.exe
  C:\Windows\System\ivgWuaa.exe
  2⤵
  PID:13024
- C:\Windows\System\PSHflrB.exe
  C:\Windows\System\PSHflrB.exe
  2⤵
  PID:13040
- C:\Windows\System\ttMXHbL.exe
  C:\Windows\System\ttMXHbL.exe
  2⤵
  PID:13092
- C:\Windows\System\tMlctjV.exe
  C:\Windows\System\tMlctjV.exe
  2⤵
  PID:13108
- C:\Windows\System\nNJwDKO.exe
  C:\Windows\System\nNJwDKO.exe
  2⤵
  PID:13136
- C:\Windows\System\QZQnVNg.exe
  C:\Windows\System\QZQnVNg.exe
  2⤵
  PID:13164
- C:\Windows\System\IBkMhEE.exe
  C:\Windows\System\IBkMhEE.exe
  2⤵
  PID:13192
- C:\Windows\System\GScUOPA.exe
  C:\Windows\System\GScUOPA.exe
  2⤵
  PID:13212
- C:\Windows\System\fRwRCTn.exe
  C:\Windows\System\fRwRCTn.exe
  2⤵
  PID:13244
- C:\Windows\System\xBPbyaG.exe
  C:\Windows\System\xBPbyaG.exe
  2⤵
  PID:13280
- C:\Windows\System\WpOlflY.exe
  C:\Windows\System\WpOlflY.exe
  2⤵
  PID:13296
- C:\Windows\System\wMONgjX.exe
  C:\Windows\System\wMONgjX.exe
  2⤵
  PID:12200
- C:\Windows\System\WDEIWMD.exe
  C:\Windows\System\WDEIWMD.exe
  2⤵
  PID:12360
- C:\Windows\System\FagbBZw.exe
  C:\Windows\System\FagbBZw.exe
  2⤵
  PID:12432
- C:\Windows\System\QJlIHwJ.exe
  C:\Windows\System\QJlIHwJ.exe
  2⤵
  PID:12484
- C:\Windows\System\yFMXRUg.exe
  C:\Windows\System\yFMXRUg.exe
  2⤵
  PID:12520
- C:\Windows\System\YShKREH.exe
  C:\Windows\System\YShKREH.exe
  2⤵
  PID:12568
- C:\Windows\System\NpCAnxC.exe
  C:\Windows\System\NpCAnxC.exe
  2⤵
  PID:12628
- C:\Windows\System\PTmjkaI.exe
  C:\Windows\System\PTmjkaI.exe
  2⤵
  PID:12684
- C:\Windows\System\EkmVZAt.exe
  C:\Windows\System\EkmVZAt.exe
  2⤵
  PID:12780
- C:\Windows\System\YfmzxHg.exe
  C:\Windows\System\YfmzxHg.exe
  2⤵
  PID:11800
- C:\Windows\System\hRuBfji.exe
  C:\Windows\System\hRuBfji.exe
  2⤵
  PID:12872
- C:\Windows\System\dOljymm.exe
  C:\Windows\System\dOljymm.exe
  2⤵
  PID:12952
- C:\Windows\System\BwdPKZi.exe
  C:\Windows\System\BwdPKZi.exe
  2⤵
  PID:13000
- C:\Windows\System\GIvFmOl.exe
  C:\Windows\System\GIvFmOl.exe
  2⤵
  PID:13032
- C:\Windows\System\ppEUQNW.exe
  C:\Windows\System\ppEUQNW.exe
  2⤵
  PID:13124
- C:\Windows\System\rSZiQVy.exe
  C:\Windows\System\rSZiQVy.exe
  2⤵
  PID:13176
- C:\Windows\System\pzkCqTx.exe
  C:\Windows\System\pzkCqTx.exe
  2⤵
  PID:13204
- C:\Windows\System\hijuGpt.exe
  C:\Windows\System\hijuGpt.exe
  2⤵
  PID:12292
- C:\Windows\System\cYWzUkp.exe
  C:\Windows\System\cYWzUkp.exe
  2⤵
  PID:12400
- C:\Windows\System\UuUzVWz.exe
  C:\Windows\System\UuUzVWz.exe
  2⤵
  PID:12468
- C:\Windows\System\lSmZzQi.exe
  C:\Windows\System\lSmZzQi.exe
  2⤵
  PID:12584
- C:\Windows\System\gqxwrfO.exe
  C:\Windows\System\gqxwrfO.exe
  2⤵
  PID:11892
- C:\Windows\System\qifAbKi.exe
  C:\Windows\System\qifAbKi.exe
  2⤵
  PID:12928
- C:\Windows\System\gRWuqoi.exe
  C:\Windows\System\gRWuqoi.exe
  2⤵
  PID:440
- C:\Windows\System\INIyfnl.exe
  C:\Windows\System\INIyfnl.exe
  2⤵
  PID:3864
- C:\Windows\System\hqBCdWS.exe
  C:\Windows\System\hqBCdWS.exe
  2⤵
  PID:13184
- C:\Windows\System\nklyAEA.exe
  C:\Windows\System\nklyAEA.exe
  2⤵
  PID:13272
- C:\Windows\System\SBEFWTz.exe
  C:\Windows\System\SBEFWTz.exe
  2⤵
  PID:12332
- C:\Windows\System\RoZqKxZ.exe
  C:\Windows\System\RoZqKxZ.exe
  2⤵
  PID:13036
- C:\Windows\System\vIbFdOp.exe
  C:\Windows\System\vIbFdOp.exe
  2⤵
  PID:12312
- C:\Windows\System\HIVIlUO.exe
  C:\Windows\System\HIVIlUO.exe
  2⤵
  PID:13340
- C:\Windows\System\wHRKtud.exe
  C:\Windows\System\wHRKtud.exe
  2⤵
  PID:13368
- C:\Windows\System\vSHkQHI.exe
  C:\Windows\System\vSHkQHI.exe
  2⤵
  PID:13392
- C:\Windows\System\JjgjgHs.exe
  C:\Windows\System\JjgjgHs.exe
  2⤵
  PID:13424
- C:\Windows\System\UIROEyR.exe
  C:\Windows\System\UIROEyR.exe
  2⤵
  PID:13440
- C:\Windows\System\NcNBNih.exe
  C:\Windows\System\NcNBNih.exe
  2⤵
  PID:13464
- C:\Windows\System\RefPRvb.exe
  C:\Windows\System\RefPRvb.exe
  2⤵
  PID:13512
- C:\Windows\System\ISvOPPV.exe
  C:\Windows\System\ISvOPPV.exe
  2⤵
  PID:13528
- C:\Windows\System\waVlswX.exe
  C:\Windows\System\waVlswX.exe
  2⤵
  PID:13556
- C:\Windows\System\eTJeupm.exe
  C:\Windows\System\eTJeupm.exe
  2⤵
  PID:13584
- C:\Windows\System\WMDBNuR.exe
  C:\Windows\System\WMDBNuR.exe
  2⤵
  PID:13624
- C:\Windows\System\iYPWjNm.exe
  C:\Windows\System\iYPWjNm.exe
  2⤵
  PID:13660
- C:\Windows\System\OzKNwPT.exe
  C:\Windows\System\OzKNwPT.exe
  2⤵
  PID:13680
- C:\Windows\System\YlwtjjS.exe
  C:\Windows\System\YlwtjjS.exe
  2⤵
  PID:13708
- C:\Windows\System\pEAnGMJ.exe
  C:\Windows\System\pEAnGMJ.exe
  2⤵
  PID:13736
- C:\Windows\System\dAJjFoy.exe
  C:\Windows\System\dAJjFoy.exe
  2⤵
  PID:13764
- C:\Windows\System\sxOtjhT.exe
  C:\Windows\System\sxOtjhT.exe
  2⤵
  PID:13784
- C:\Windows\System\jrDqPLQ.exe
  C:\Windows\System\jrDqPLQ.exe
  2⤵
  PID:13816
- C:\Windows\System\ofUWUbj.exe
  C:\Windows\System\ofUWUbj.exe
  2⤵
  PID:13844
- C:\Windows\System\AxEzUyF.exe
  C:\Windows\System\AxEzUyF.exe
  2⤵
  PID:13880
- C:\Windows\System\UKdrAMB.exe
  C:\Windows\System\UKdrAMB.exe
  2⤵
  PID:13908
- C:\Windows\System\QJnSHPX.exe
  C:\Windows\System\QJnSHPX.exe
  2⤵
  PID:13948
- C:\Windows\System\DlZcGjy.exe
  C:\Windows\System\DlZcGjy.exe
  2⤵
  PID:13976
- C:\Windows\System\yOcAOar.exe
  C:\Windows\System\yOcAOar.exe
  2⤵
  PID:14004
- C:\Windows\System\LIsphoh.exe
  C:\Windows\System\LIsphoh.exe
  2⤵
  PID:14024
- C:\Windows\System\bLCNfja.exe
  C:\Windows\System\bLCNfja.exe
  2⤵
  PID:14056
- C:\Windows\System\iKLlGkt.exe
  C:\Windows\System\iKLlGkt.exe
  2⤵
  PID:14076
- C:\Windows\System\MAgqPHT.exe
  C:\Windows\System\MAgqPHT.exe
  2⤵
  PID:14104
- C:\Windows\System\URvUFwc.exe
  C:\Windows\System\URvUFwc.exe
  2⤵
  PID:14144
- C:\Windows\System\cxpECEL.exe
  C:\Windows\System\cxpECEL.exe
  2⤵
  PID:14172
- C:\Windows\System\DKDVbNk.exe
  C:\Windows\System\DKDVbNk.exe
  2⤵
  PID:14200
- C:\Windows\System\kxKbwoz.exe
  C:\Windows\System\kxKbwoz.exe
  2⤵
  PID:14228
- C:\Windows\System\WZWYXfA.exe
  C:\Windows\System\WZWYXfA.exe
  2⤵
  PID:14256
- C:\Windows\System\VqZBvTl.exe
  C:\Windows\System\VqZBvTl.exe
  2⤵
  PID:14284
- C:\Windows\System\acaFtVa.exe
  C:\Windows\System\acaFtVa.exe
  2⤵
  PID:14312
- C:\Windows\System\JcokjxT.exe
  C:\Windows\System\JcokjxT.exe
  2⤵
  PID:13224
- C:\Windows\System\YZEGKsT.exe
  C:\Windows\System\YZEGKsT.exe
  2⤵
  PID:13364
- C:\Windows\System\gyHiIgz.exe
  C:\Windows\System\gyHiIgz.exe
  2⤵
  PID:13400
- C:\Windows\System\wWgOHQB.exe
  C:\Windows\System\wWgOHQB.exe
  2⤵
  PID:13508
- C:\Windows\System\xQUyQhB.exe
  C:\Windows\System\xQUyQhB.exe
  2⤵
  PID:13540
- C:\Windows\System\qhmJrjY.exe
  C:\Windows\System\qhmJrjY.exe
  2⤵
  PID:13616
- C:\Windows\System\WiRLgse.exe
  C:\Windows\System\WiRLgse.exe
  2⤵
  PID:13636
- C:\Windows\System\NGCotiW.exe
  C:\Windows\System\NGCotiW.exe
  2⤵
  PID:13692
- C:\Windows\System\QEdETZo.exe
  C:\Windows\System\QEdETZo.exe
  2⤵
  PID:13776
- C:\Windows\System\vlxonCd.exe
  C:\Windows\System\vlxonCd.exe
  2⤵
  PID:13872
- C:\Windows\System\UJKXVqI.exe
  C:\Windows\System\UJKXVqI.exe
  2⤵
  PID:13964
- C:\Windows\System\JPCDlSx.exe
  C:\Windows\System\JPCDlSx.exe
  2⤵
  PID:14032
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 14032 -s 248
    3⤵
    PID:13460
- C:\Windows\System\EWFSxaz.exe
  C:\Windows\System\EWFSxaz.exe
  2⤵
  PID:14072

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BYfknWk.exe

Filesize
2.7MB

MD5
9f50895599db00dec4ab5681a4608377

SHA1
eaef0e0de6b0ff46fdfc91b04a82991382b54e0f

SHA256
4234d7e67b5f9bf1f47ce028ce25c13446ff349afff8e10d1b68d5e5ae60d4a8

SHA512
661f727f98c6f83ee29e57d8056b0440237324b870d9386574aa14d393de4e0f89a0e92b828d24dcc4ec9667c6b2635f41d19d2eb26f7dd11e52783651c89825

Download Submit
C:\Windows\System\CjgdOSw.exe

Filesize
2.7MB

MD5
ba5b6f8a0d4b84b01b0e73c202db5795

SHA1
bcb11dba85da871d58626bec9cd9d4ff20718868

SHA256
956d9ea6343e2071751ab4d1f1304c253902fb999b7acf936e794571b469ee24

SHA512
8061aa6a46522fc3c808c399ede4f989079c787726ba0556a3b340fdcdac749164d866d1c5eea7b0e645e5b4968c39562918cad899960dc2f69ad72c3389f9de

Download Submit
C:\Windows\System\DqHVQhO.exe

Filesize
2.7MB

MD5
d91fb441a128074f7cb755a45a87cbb3

SHA1
eaad055bb1c7d7f1f79ee25d43648c052c1fbb67

SHA256
c52aef0799c758eb0aaa4110afa55b3b0bcdbded6b7f6cebb1d1c9ffacc94e39

SHA512
30d9b59c95ed0019b10065e1ee5b2f99be6aef4610911d3429739a6e3214f3ba847ff498851382bc4e0de2ef0479a68d29111db1c39634d8b5db84659c4d1fdd

Download Submit
C:\Windows\System\EVulITD.exe

Filesize
2.7MB

MD5
b863cc0be22273d480155768052ac73a

SHA1
1ddf23b685c8d91a6b715de9d53675864eef542e

SHA256
022b8342bc99d3188c6a5b349fa05798025264c5f0b2cde0d52b7256d5a20903

SHA512
8179147bb2c5c719a7703e2843f6125350133cd138dd8aa3e0f99570e18b3edd42d8388a9c0b8a84b22610b5b73ecd8a85371324ea06fe0c3e7277239192c3f1

Download Submit
C:\Windows\System\JpDSlhl.exe

Filesize
2.7MB

MD5
c4d450af4d9fb11e5246070ba63ff76b

SHA1
cf1a9c22dee74a29e3e885a032c0c1f0f02b49e8

SHA256
5789d3ddd953d976cec4ca8905ae5390d7d81dc64041cc059b27b1bc8584b581

SHA512
3ee27a29045bee94e60723e1b699fbb38d37ae1c58129606514f548e7a0ac22b48396e5bae8be408b611ae48f96a70ed9f3a16b64731b83f5b2863510b8827a4

Download Submit
C:\Windows\System\KdGEXQo.exe

Filesize
2.7MB

MD5
003f1ac1aa10066fe831c6aa3acd189a

SHA1
133db5bcba63d4c531e48ce06a2263fea00ce11e

SHA256
f96d6286a4e7fb40d68fc0d2453fe05dc15ea13e1a36a22a2767fc07a97c2bfd

SHA512
9be4d067c126b9fbbf0218d282ff144b80d6926683c0bc90fabe9ff359cc57d7ba7f2019b7b6ed7aa45008f032926598bd2a91166b6d957fe551c170a166c032

Download Submit
C:\Windows\System\KvkaPlI.exe

Filesize
2.7MB

MD5
6cc67ab0aa663ae442b4dc74f1964260

SHA1
5557d32dca6d90340ac513b902af84ad878eea01

SHA256
2dd9fa50f3c5c2f3adddef4d680063269f41f865ad5f79f8fa0da6d542fd616c

SHA512
53d0da94e4451c64434b84674df16e3e8457bb94fb69d4fa6ebe12a02103f079141e9e9010f7ad26e4e8b452107eb338ecee2c4671f825c078e5abf15e396aa4

Download Submit
C:\Windows\System\MbtunpG.exe

Filesize
2.7MB

MD5
e084ccbb2fee9b702b6c66fe1c1745d3

SHA1
111238d7b65d6ae8265fbe0ac625df7bdadcbf23

SHA256
fb9da64f316c673eaa0282da62a2d43e9d972fbc41174d5b6603c0b84a11b974

SHA512
8f82a0c7c5033a5b663de21aa4993554ed0264067ed5e00a001150afecdb97d73b6f5cbc3cb429549ac89bb0aae4428ed1e191ce0ee6a9b1bdc3011dac5cac83

Download Submit
C:\Windows\System\NqneWmt.exe

Filesize
2.7MB

MD5
ec7a80c6b607b0a3ad6121daef08fc22

SHA1
714417f1d2b2ad4787e68bda93dcf358acfd4a80

SHA256
0510e57830fe77feb6b7a4f5bc5e126bb28e603a0221197a3bcc17ee998ce47b

SHA512
abd0d2c66674d9f603281566823c4b1c6877052d1f052c4816d4718ae2759afc05aa303a1247999793ff795a3feb1b3e5b0244dabf850f7c2d45665dad482f16

Download Submit
C:\Windows\System\SHxrLyX.exe

Filesize
2.7MB

MD5
982a22f97877feef3e4506e86a7c50e4

SHA1
a670deee8841f1b4a3679b4051f056f496655bfb

SHA256
ab200a9dff174eff111bc36133bc06881aa59188da93961306caa4f21528223e

SHA512
b60bcf3683d561497d7ba91f0fa2a86315568e99c84c6ecb4b64915c5d3cf8e94dae5f7b180762aa717f6056b3f8d95a45bb536882395b668e100a06a1bccaef

Download Submit
C:\Windows\System\SvDnQnu.exe

Filesize
2.7MB

MD5
c4ce3671b3b6b3c506b273364ba0fc63

SHA1
59e79bdbf2ce4ce88348ef744395501788567fb3

SHA256
0dc85f74e340f0ad658e2de16586abb53e93894b593b72f9ebab174afd4f1889

SHA512
3b0cba354817f558b7aec5fb7dacb529db2924a44553015e82dd0dfef33deca5b806e13b39b3f4160d158579044997df613de3e180dec3c5b8ff60c432c94b20

Download Submit
C:\Windows\System\VQQXNxy.exe

Filesize
2.7MB

MD5
1751a011d453c83d63c82f97417a3ed5

SHA1
1ede12905ce735af12643cf69e85e1d012569432

SHA256
97b7568e9ec8acf074d2d7d3e92f4f822258b6122e47f471667b53641c65f2d6

SHA512
4698f994a983bc22dc07670eb483382ca602281602e9310c70eed81a7b4c7b5eeda78bb158ff177718a7c81d70ef9c90016b2684f9fb4884401ebcee43354bf8

Download Submit
C:\Windows\System\ZYpiwYO.exe

Filesize
2.7MB

MD5
e63f978283aa24e79309f113c575bc5c

SHA1
55ae4f9bb9cc7629a31c614127d9c2b7007505fa

SHA256
611e9d9ad1fc63df24989e322863940ff1833d65512253d80b47b0434c257384

SHA512
98fd9d445391b0a9de4a65d7809868219f3a74961d0cafc04f31d0671749a9321d05ec9652be822b21922299956efb917b85f6bfe979dba984b7ec507d439c16

Download Submit
C:\Windows\System\abjsSEW.exe

Filesize
2.7MB

MD5
c1fbd98fb2c12ecc324ecb21535d9b5c

SHA1
5641ca0da9e2cea5b091ea91f5e245d3d5861fd2

SHA256
f175a785c7397d528a05a9908059d363edf5c2e4fe3b5ce59011945a4bfda7ad

SHA512
f044e3bae3c4d11c9d2d8df67523013bb96c597b12e01dd1ce2ffef7625dfe0694df9efcd3ae463e7b00c4c0ac9835060c1d3ef93096de24bba205a9ed9f4c16

Download Submit
C:\Windows\System\avMrZDu.exe

Filesize
2.7MB

MD5
6054663d5db78bfb7e8cd97e62d8d2be

SHA1
8a86296c3a491888c964416ea9b976ec6664a0d2

SHA256
f424600e43caaee677e2e3da937115b6b158c3ede5cbf94a05e48bbcf4ad083b

SHA512
13d1f67feadc16d651c529b5f00f52c1937f70529a7cb8e874feb368315d6a1d3372a305b9c014d98c06a80c4dda23e8debef83e0d7c7386628098c8be3390e7

Download Submit
C:\Windows\System\cuxcqwF.exe

Filesize
2.7MB

MD5
3fb2e1e2813cf57ab8e8dd9387429256

SHA1
8d66a74f2edc488b82d55087f6c2b6a8196ee542

SHA256
0b2ea3a344e8863a1281e0a45a9782858063c6b6bb36d9ae5a77bb0d735c0a32

SHA512
718314202500f1b9446613ac94b4481072ded6837f882c40b0d095234bd07d716f4a7560261932224af1784db56bbe6cdfbfc1975ebda6aad1a373d4e4d582e2

Download Submit
C:\Windows\System\drcRZZL.exe

Filesize
2.7MB

MD5
b5099de13b8ef4297f88bafd47c90cc7

SHA1
f34262855c3748fa1672f70c491ca6deaf66d8ed

SHA256
eb9fe2f10828feaa841b3d44bb09ba111bc2786b172a87cd88b74ce4ed8903f1

SHA512
9785bdc07a3e6a6f77a55f7a14dced38d46bdddf2f27921761aa3fecae2688ce789fa80822a44cc01e427f9879367c7de8933e734ec61229c7b498c4b522998a

Download Submit
C:\Windows\System\eTSpBjG.exe

Filesize
2.7MB

MD5
b85691564e00ae7a561b5f22f076048e

SHA1
3154ee92a651dc4a29010b9ea70ab290a47be316

SHA256
cbb8407cb3459f7a82d11afcd23bf28c30353ee472ea2224b436ba2258702ab7

SHA512
aedcd9c3b940c489963480f2a6a86d487fcf7cbe1b3faea9c47aa055782429b606e34cb387aa6b39df033460db25fc9d8b1eac3ae4f6419c081b4d4220162979

Download Submit
C:\Windows\System\fTGRpUd.exe

Filesize
2.7MB

MD5
2003c06f69d44ed93a5f371b5d05d9a7

SHA1
85195f85ce1b01a787a2935a963b30e6fc1d8e8e

SHA256
6c9fb8ee1a2adc46ddcb6c5ff0c2259c90a3432d4536f875b2ed3e7cc55d220d

SHA512
8760094346d67e61d452c6f4782ca1a1a131bbe7a9c4e46189afef3b9cb659cc54343e5e5f4a641c90fc052cbc042e0101d9883eac84147186584c7db27ce2c4

Download Submit
C:\Windows\System\jCtxOHc.exe

Filesize
2.7MB

MD5
2e1748aeeb5a28dd269f4dc12988efed

SHA1
edf747075f5a120f6ccb63fbf4fa344b288e4db5

SHA256
d55b102c00f6132c5f8cc6dbe13681f70c7d958ef2c653b74da42d3f8c67cf2b

SHA512
332a56a658e05f887d48c9fbb3fe1c09120a3dc9d41edefbeaa435c1b581ef3d4721f6ef75c49ada652f0c82db0917c7c7461317cfbbae10bafa35c75d3b0630

Download Submit
C:\Windows\System\koOFuWs.exe

Filesize
2.7MB

MD5
c1eb42f79a5034a7d51e1f64154fe66b

SHA1
50294d9e70c6326f4248b3f6f77dc220338ed13c

SHA256
84a98545a51d4d5503112dafb33c107c36f786c1c9c48c77ab02235840322d94

SHA512
d17c9856259056ed5fdcc8096b5701385f05aa55ee88140bb44b638a4ab319bc7cf6cbf68d0df07bb26b699b7c3f18f3541ecfd44fb433d46dd255eb0695e05c

Download Submit
C:\Windows\System\lpcWnXy.exe

Filesize
2.7MB

MD5
9d3051f773ffd2e64fa29867e1348e28

SHA1
f7145488f993788faafff503ad98c64fc3675f17

SHA256
bc5311fcfa9b8d6b64d621d04a8f716811ba393815d3d6355ad0903564cfb5d8

SHA512
82221e67ebccd04ecaccff7f0195f62527431132352bca1c426c1d7b464b364c5107573738db23dc470d99e322aa3e9958e8d5c052efdac1d3e9dc4b661d6d36

Download Submit
C:\Windows\System\mhGODMp.exe

Filesize
2.7MB

MD5
1987f8ea8d21bfaad6397a658a0dbb8a

SHA1
7bb9e54dffc2e47180b98ebba5a25298bf52370e

SHA256
5a89b98896cec4f0a7e1703bf26e3ce24255c043ac46e5de8017dc97890cd833

SHA512
ba7e2e083cb0d35c52ef607bcbec501e8fa319f59e0a6cbf0a9b107cb1f302b2ef47423869af4f3556d8bfba5f6d015e3e535a7a872effac3fbf83ca0fcd2649

Download Submit
C:\Windows\System\tAMOOwp.exe

Filesize
2.7MB

MD5
471ad16af915ee16bc79079175d4e48a

SHA1
3da671e2f72a0516bb1973964cb9d9fe04958ef9

SHA256
e2b646823c41c352e3ff6d492ee51d4169641e3ccc201a7ed976efa7ed2f76b7

SHA512
6c428be1e67b756b5c8709f849b86e6231b8896aa9b3bc98009f548c0add143dcfaca48af1652ac2033400e41ba3a76d761129637d64eeaba321aa37d7077ae6

Download Submit
C:\Windows\System\vWUpZDb.exe

Filesize
2.7MB

MD5
88f5788f0ef4c775aff2fc16f150f01f

SHA1
18a629edacb871125e06e91a31c7d75a10a7e6e4

SHA256
c9230b90b633a96e17162807c3dce4d30db17cf4747074e004bbd952f99adb99

SHA512
cb5865580b93e472bb133bc414e6c78ded0fa981067fe968ad937c253e936af50b9d887d8b9848592929f7289beedd3a54e073ea9e30b76667dc4be69f858b92

Download Submit
C:\Windows\System\wUSnJwf.exe

Filesize
2.7MB

MD5
a61d59d77145bb8e1105ff7597a61ce2

SHA1
96a1d85f2e46dc2cecf3d374f679f69c3f485bf5

SHA256
5d92b31495613e987d667417a557e5f76b4e0029efdd509d38a184d2138cbed3

SHA512
07335674e24b4eeff18255741ec51d34f250079277581c37477908b6a31a9a48e5dcb86d93e25adec78873a2d049738286fb9101e70c8c215f1f9a38b17958ed

Download Submit
C:\Windows\System\wgJqJuk.exe

Filesize
2.7MB

MD5
4d7225821c1b0636364ca1ca77617c21

SHA1
c1dabd01652bdfcd454a999572e1a49963b318d7

SHA256
3960511948c8f51063419157f1978c2cc06c289a496a37d850767c2db0135fd7

SHA512
df67976dac4d85fb98a8e00ced8f9c4ec2dba16237d3ec8a2883ff3a30e93fef482fcb694ac4a62c6601c1ead41dd11a8393da938d48b0e44aac1c050033dfa1

Download Submit
C:\Windows\System\wjznQiB.exe

Filesize
2.7MB

MD5
e51392a95b26587604fa060ba1d259b7

SHA1
3b648277514943a4bf50c9c32598f9a9f656707c

SHA256
edfbc22851ee6f865a6742504be273a048e7dd6c49b004874ab080865f7b57c2

SHA512
25a5d5d3087b341a1b0b5ed6a99cb246e2b3f1bddaaef6396b341580ce77803b2b0f7e5b9d6c75f6752db4d8f8d4195fc4e2fed77e34698336ff66bcb6842c9c

Download Submit
C:\Windows\System\xTKHWWu.exe

Filesize
2.7MB

MD5
d3709f0d55002172e4a5a822c8f4c8f0

SHA1
03f268ed029782b1dfdb8cf46b8461e3a4ed7b8d

SHA256
7ce1b2c500feba124be9e6bab65baf047dad45a1c34b011864c146d916d9ad4f

SHA512
2e216556a009039c7deac6f6c6ac9d98fc64fb678cb9cb148a311bf46dc354f2367dbc1deac8456796040be78abeeb8256813ca06d8882a76e3d7df0d594a465

Download Submit
C:\Windows\System\xZydOWE.exe

Filesize
2.7MB

MD5
014b842d44a016a44cce6ad4f9411be0

SHA1
f3ba0e7787d2debbb465598102d6981f29fea60e

SHA256
4bc6b4a14be9288990c36ebe38449446d56d7f4ed2d45a6ed642796f5042b274

SHA512
990859e1bd04537fcf8d131717c1e59650174b592a576cb1220725e8656cf34235e6a3af8fe5a14af310f85f51c70d1205f31b275b7cde801f9e230423b2d141

Download Submit
C:\Windows\System\xjiNItY.exe

Filesize
2.7MB

MD5
4c148dd624b7f7ad6f3f632c659a475f

SHA1
10354bbbf3ffb7546f7bd07785d70393f88672ba

SHA256
b35baebd1bbcbd357d49895fe17690c65f75d56d314d44758de7458a3915c77c

SHA512
7105530ea5199c7dadb99ee18ecb8c595410837c627e2ae8e276e1997a1415f04899463fe40ad12e179a1b85cf302b07307ab594a5682a215f650bda691b825f

Download Submit
C:\Windows\System\ybjGakL.exe

Filesize
2.7MB

MD5
ef83afe6e8886a67aefb6a8b3381582a

SHA1
8ef1e3316b96c5c57d3c74016d3e8bee476359f5

SHA256
b73bc2eaa9c33bcfaa33d93cef1e4b7ff53093e1f22c7c9dd3b2b7f46298a791

SHA512
57ba6da21ccc481adbf3723b4397208d5244f6fb21d38d0ada330525ee9964d7c4c25d1fbf7c5939220c95795010d89ea060b558a86d890ba3a0781581a0c6a7

Download Submit
memory/412-2157-0x00007FF64B3E0000-0x00007FF64B734000-memory.dmp

Filesize
3.3MB

Download
memory/412-828-0x00007FF64B3E0000-0x00007FF64B734000-memory.dmp

Filesize
3.3MB

Download
memory/452-869-0x00007FF69D8F0000-0x00007FF69DC44000-memory.dmp

Filesize
3.3MB

Download
memory/452-2170-0x00007FF69D8F0000-0x00007FF69DC44000-memory.dmp

Filesize
3.3MB

Download
memory/736-820-0x00007FF714700000-0x00007FF714A54000-memory.dmp

Filesize
3.3MB

Download
memory/736-2152-0x00007FF714700000-0x00007FF714A54000-memory.dmp

Filesize
3.3MB

Download
memory/740-6-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp

Filesize
3.3MB

Download
memory/740-2144-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp

Filesize
3.3MB

Download
memory/740-2138-0x00007FF77A8C0000-0x00007FF77AC14000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2147-0x00007FF620100000-0x00007FF620454000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2142-0x00007FF620100000-0x00007FF620454000-memory.dmp

Filesize
3.3MB

Download
memory/1424-33-0x00007FF620100000-0x00007FF620454000-memory.dmp

Filesize
3.3MB

Download
memory/1452-789-0x00007FF77CC70000-0x00007FF77CFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1452-2166-0x00007FF77CC70000-0x00007FF77CFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1540-2169-0x00007FF7E3CA0000-0x00007FF7E3FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1540-903-0x00007FF7E3CA0000-0x00007FF7E3FF4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-787-0x00007FF69E770000-0x00007FF69EAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-2161-0x00007FF69E770000-0x00007FF69EAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2171-0x00007FF7209B0000-0x00007FF720D04000-memory.dmp

Filesize
3.3MB

Download
memory/1640-883-0x00007FF7209B0000-0x00007FF720D04000-memory.dmp

Filesize
3.3MB

Download
memory/1900-2162-0x00007FF6F26B0000-0x00007FF6F2A04000-memory.dmp

Filesize
3.3MB

Download
memory/1900-813-0x00007FF6F26B0000-0x00007FF6F2A04000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2149-0x00007FF7CAE50000-0x00007FF7CB1A4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-783-0x00007FF7CAE50000-0x00007FF7CB1A4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-2143-0x00007FF7CAE50000-0x00007FF7CB1A4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2164-0x00007FF73EB80000-0x00007FF73EED4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-790-0x00007FF73EB80000-0x00007FF73EED4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2140-0x00007FF7B5B10000-0x00007FF7B5E64000-memory.dmp

Filesize
3.3MB

Download
memory/2480-26-0x00007FF7B5B10000-0x00007FF7B5E64000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2146-0x00007FF7B5B10000-0x00007FF7B5E64000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2148-0x00007FF651E80000-0x00007FF6521D4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-920-0x00007FF651E80000-0x00007FF6521D4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-2153-0x00007FF6ED610000-0x00007FF6ED964000-memory.dmp

Filesize
3.3MB

Download
memory/2952-803-0x00007FF6ED610000-0x00007FF6ED964000-memory.dmp

Filesize
3.3MB

Download
memory/2992-784-0x00007FF785530000-0x00007FF785884000-memory.dmp

Filesize
3.3MB

Download
memory/2992-2151-0x00007FF785530000-0x00007FF785884000-memory.dmp

Filesize
3.3MB

Download
memory/3104-2155-0x00007FF6AF6F0000-0x00007FF6AFA44000-memory.dmp

Filesize
3.3MB

Download
memory/3104-798-0x00007FF6AF6F0000-0x00007FF6AFA44000-memory.dmp

Filesize
3.3MB

Download
memory/3548-2159-0x00007FF75DC60000-0x00007FF75DFB4000-memory.dmp

Filesize
3.3MB

Download
memory/3548-785-0x00007FF75DC60000-0x00007FF75DFB4000-memory.dmp

Filesize
3.3MB

Download
memory/3620-2168-0x00007FF735D40000-0x00007FF736094000-memory.dmp

Filesize
3.3MB

Download
memory/3620-886-0x00007FF735D40000-0x00007FF736094000-memory.dmp

Filesize
3.3MB

Download
memory/3836-2172-0x00007FF610F40000-0x00007FF611294000-memory.dmp

Filesize
3.3MB

Download
memory/3836-911-0x00007FF610F40000-0x00007FF611294000-memory.dmp

Filesize
3.3MB

Download
memory/4024-2167-0x00007FF61FEE0000-0x00007FF620234000-memory.dmp

Filesize
3.3MB

Download
memory/4024-863-0x00007FF61FEE0000-0x00007FF620234000-memory.dmp

Filesize
3.3MB

Download
memory/4100-2154-0x00007FF6FC8D0000-0x00007FF6FCC24000-memory.dmp

Filesize
3.3MB

Download
memory/4100-807-0x00007FF6FC8D0000-0x00007FF6FCC24000-memory.dmp

Filesize
3.3MB

Download
memory/4160-0-0x00007FF79AAD0000-0x00007FF79AE24000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1-0x0000025B315B0000-0x0000025B315C0000-memory.dmp

Filesize
64KB

Download
memory/4400-849-0x00007FF661C00000-0x00007FF661F54000-memory.dmp

Filesize
3.3MB

Download
memory/4400-2165-0x00007FF661C00000-0x00007FF661F54000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2150-0x00007FF644E50000-0x00007FF6451A4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-2141-0x00007FF644E50000-0x00007FF6451A4000-memory.dmp

Filesize
3.3MB

Download
memory/4552-27-0x00007FF644E50000-0x00007FF6451A4000-memory.dmp

Filesize
3.3MB

Download
memory/4624-788-0x00007FF626540000-0x00007FF626894000-memory.dmp

Filesize
3.3MB

Download
memory/4624-2158-0x00007FF626540000-0x00007FF626894000-memory.dmp

Filesize
3.3MB

Download
memory/4780-15-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2139-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp

Filesize
3.3MB

Download
memory/4780-2145-0x00007FF7CF420000-0x00007FF7CF774000-memory.dmp

Filesize
3.3MB

Download
memory/4800-786-0x00007FF64CCD0000-0x00007FF64D024000-memory.dmp

Filesize
3.3MB

Download
memory/4800-2156-0x00007FF64CCD0000-0x00007FF64D024000-memory.dmp

Filesize
3.3MB

Download
memory/4820-2163-0x00007FF643920000-0x00007FF643C74000-memory.dmp

Filesize
3.3MB

Download
memory/4820-841-0x00007FF643920000-0x00007FF643C74000-memory.dmp

Filesize
3.3MB

Download
memory/5008-2160-0x00007FF648940000-0x00007FF648C94000-memory.dmp

Filesize
3.3MB

Download
memory/5008-832-0x00007FF648940000-0x00007FF648C94000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads